31edb319affb5e5c6298a53ca2de62abedb01630 - fp2-dev/platform/external/selinux

commit	31edb319affb5e5c6298a53ca2de62abedb01630	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Mon Aug 15 19:58:08 2011 -0400
committer	Eric Paris <eparis@redhat.com>	Fri Sep 16 11:53:46 2011 -0400
tree	72328e404d441ca3ec9c38fee1304901404e6418
parent	4347a5c01d79778ffb9c74b02cd174b0469670c8 [diff]

policycoreutils: sandbox: rewrite /tmp handling

seunshare now creates a runtime temporary directory owned by root and
with the sticky bit set properly.  Files from the user-specified directory
are copied to the runtime directory and the changes synced back (using rsync)
at the end of the seunshare run.

This is hoped to address CVE-2011-1011

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

policycoreutils/sandbox/sandbox[diff]
policycoreutils/sandbox/seunshare.8[diff]
policycoreutils/sandbox/seunshare.c[diff]

3 files changed

tree: 72328e404d441ca3ec9c38fee1304901404e6418

checkpolicy/
libselinux/
libsemanage/
libsepol/
policycoreutils/
scripts/
sepolgen/
.gitignore
Makefile