From: guido@trentalancia.com (Guido Trentalancia) Date: Sun, 05 Aug 2012 03:06:31 +0200 Subject: [refpolicy] [PATCH]: force a label on the fc_sort executable Message-ID: <201208050106.q7516Vog005937@vivaldi08.register.it> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Force a bin_t label on the fc_sort executable after creating it, to avoid possible execution denials under certain conditions. Signed-off-by: Guido Trentalancia --- Makefile | 1 + 1 file changed, 1 insertion(+) --- refpolicy-04062012/Makefile 2012-05-29 21:13:09.413703575 +0200 +++ refpolicy-04062012-chcon-fc_sort/Makefile 2012-08-04 21:35:57.396092798 +0200 @@ -400,6 +400,7 @@ $(mod_conf) $(booleans): $(polxml) # $(fcsort) : $(support)/fc_sort.c $(verbose) $(CC) $(CFLAGS) $^ -o $@ + chcon system_u:object_r:bin_t:s0 $(tmpdir)/fc_sort ######################################## #
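Review bot: The added `chcon system_u:object_r:bin_t:s0 $(tmpdir)/fc_sort` line in the `$(fcsort)` rule runs unconditionally and unguarded, so if `chcon` fails (for example on a build host where SELinux labeling is unavailable, or where the running policy does not accept the `s0` level field) the whole rule fails, even though the compile step before it succeeded. Consider making the relabel best-effort, e.g. prefixing the command with `-` so make ignores its exit status, or running it only when SELinux is enabled on the build host. The line also names `$(tmpdir)/fc_sort` while the compile step writes to `$@`; using `$@` in the `chcon` command would keep the relabel tied to the rule's target if `$(fcsort)` is ever redefined. It is also missing the `$(verbose)` prefix that the `$(CC)` line above it uses, so it will echo differently from the rest of the recipe. Finally, the commit message says "under certain conditions" without naming them; stating which conditions (the label the file ends up with otherwise, and the domain that is denied execution) would let a reader judge whether a forced `bin_t` label is the right fix.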