Question Overflow asked:
I have created a few symbolic links to replace some broken links in
/etc/pam.d. The original links have
system_u as the user. The newly created ones somehow have
unconfined_u as the user. I am not sure if there is any security implications to this though the target files all have
system_u as the user.
I tried the following:
# restorecon -v thefilename
# chcon -v -u system_u thefilename
Both methods do not lead to any change to the user in SELinux security context. Why is that so? Is there any security risk if I don’t change the user? And how to make the change?
The SELinux user is ignored in the default
targeted policy. It is fine to leave them as is, unless you plan to use the
mls policies, or use confined users.
As for changing the context of a symbolic link, you need to use the
-h option to
chcon so that it changes the context of the symlink, rather than the file to which it points.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.