Fixing the security context of the user file automatically

Posted by: Tuyen Pham Thanh 3 years, 5 months ago

(0 comments)

The user's home directory frequently changes with newly created files or directories. These files must have the correct security context in accordance with the security policy. The restorecond user service is responsible for watching file creation and setting the file security context to the default by policy

To see the effect of the service, we create two files: ~/normal.txt is the normal file and ~/.xscreensaver is the XScreenSaver configuration file. Without the service, both files would be of type user_home_t. The service fixes the file ~/.xscreensaver's context and sets the type to xscreensaver_config_t

Operation of the service is simple but important. If the file security context is not fixed, either the security policy is ineffective, or some tasks may be locked.

That's the new feature of selinux-2019.9.1 binary.

• ← Wiping the hard drive before installing the operating system
• Preparing to install GRUB on the GPT drive →