Wrong SELinux permissions #24

Mant1kor commented 2019年10月18日 20:49:45 +02:00 (Migrated from github.com)

BookStackApp/devops@c85b867acb/scripts/installation-centos-7.sh (L132-L135)
chcon - it's a time bomb. Any system update with restorecon command, or .autorelabel file will restore SELinux context to default and break BookStack.
Use way in my pull request, or fix this by you own.

https://github.com/BookStackApp/devops/blob/c85b867acb3b620f69dcdc0a4256aaafd2c58308/scripts/installation-centos-7.sh#L132-L135 `chcon` - it's a [time bomb](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon). Any system update with `restorecon` command, or `.autorelabel` file will restore SELinux context to default and break BookStack. Use way in my pull request, or fix this [by you own](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext).

ssddanbrown commented 2021年09月25日 22:49:08 +02:00 (Migrated from github.com)

Thanks for reporting, I've now removed this script from this repo so this is no longer relevant.

Thanks for reporting, I've now removed this script from this repo so this is no longer relevant.