Without this fix, the restorecon_source plugin was incorrectly applied on AVCs where a path to executable was present together with scon. But it did not reflect the actual label of the executable on the system.
The updated restorecon_source plugin reflect the current labeling on a system against a default labeling of the executable.
How to test:
chcon -t bin_t `which tmux`
sealert -a /tmp/the_log_above
And you should get
***** Plugin restorecon_source (99.5 confidence) suggests *****************
If you want to fix the label.
/usr/bin/tmux default label should be screen_exec_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /usr/bin/tmux
Without this fix, the restorecon_source plugin was incorrectly applied on AVCs where a path to executable was present together with scon. But it did not reflect the actual label of the executable on the system.
The updated restorecon_source plugin reflect the current labeling on a system against a default labeling of the executable.
How to test:
And you should get