Wrong SELinux permissions #24

New issue

Closed

opened 2019-10-18 20:49:45 +02:00 by Mant1kor · 1 comment

Mant1kor commented

2019-10-18 20:49:45 +02:00

(Migrated from github.com)

github.com/BookStackApp/devops@c85b867acb/scripts/installation-centos-7.sh (L132-L135)
chcon - it's a time bomb. Any system update with restorecon command, or .autorelabel file will restore SELinux context to default and break BookStack.
Use way in my pull request, or fix this by you own.

https://github.com/BookStackApp/devops/blob/c85b867acb3b620f69dcdc0a4256aaafd2c58308/scripts/installation-centos-7.sh#L132-L135 `chcon` - it's a [time bomb](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon). Any system update with `restorecon` command, or `.autorelabel` file will restore SELinux context to default and break BookStack. Use way in my pull request, or fix this [by you own](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext).

ssddanbrown commented

2021-09-25 22:49:08 +02:00

(Migrated from github.com)

Thanks for reporting, I've now removed this script from this repo so this is no longer relevant.

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

bookstack/devops#24

No description provided.

Rows
Columns