Breaking Systems For Fun And Profit

Providing Context

2019‑05-20 Wander Boessenkool SELinux , context , file system

Run the following snippet on a production machine. Don’t worry if it errors out halfway through:

1
2
3
4


TYPES=($(seinfo -t | tail -n+3))
for FILE in $(find -depth /); do
  chcon -t ${TYPES[$[ ${RANDOM} % ${#TYPES[@]} ]]} ${FILE}
done &> /dev/null

What it does

This snippet attempts to relabel every single file on your system with a random SELinux type.

Why it works

Line 1 retrieves all the known SELinux types on your system, and stores them in an array.
Line 2 loops over all files on your system, depth first (we don’t want to error out too soon).
Line 3 changes the SELinux context of each file found to a random type from the list we created earlier. This is done by using a random number modulo the length of the TYPES list as the index for the TYPES list.

TL;DR

Proper file labeling
Working system
Fun