From: wenzong fan <wenzong.fan@windriver.com>
To: <yocto@yoctoproject.org>
Subject: Re: [PATCH v2][meta-selinux] udev: restorecon /run to allow mdadm creating /run/mdadm
Date: Wed, 8 Jul 2015 11:24:58 +0800
Message-ID: <559C980A.7050907@windriver.com>
In-Reply-To: <1427096419-1105-1-git-send-email-wenzong.fan@windriver.com>

Ping ...

On 03/23/2015 03:40 PM, wenzong.fan@windriver.com wrote:
> From: Wenzong Fan <wenzong.fan@windriver.com>
>
> This change is based on the following factors during bootup:
>
> a. the default type for /run is var_run_t;
> b. the type for /run will be changed to tmpfs_t after tmpfs is mounted;
> c. the type for /run will be fixed after populate-volatile.sh runs.
>
> The udev service is started in the b->c period; fix the type for /run from
> the udev init script to remove:
>
> avc: denied { write } for pid=294 comm="mdadm" \
> name="/" dev="tmpfs" ino=10581 \
> scontext=system_u:system_r:mdadm_t:s0-s15:c0.c1023 \
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
>
> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
> ---
> recipes-core/udev/udev/init | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
> index 66359f2..bb8b95b 100644
> --- a/recipes-core/udev/udev/init
> +++ b/recipes-core/udev/udev/init
> @@ -61,6 +61,9 @@ case "$1" in
> # /var/volatile/tmp directory to be available.
> mkdir -p /var/volatile/tmp
>
> + # restorecon /run early to allow mdadm creating dir /run/mdadm
> + test ! -x /sbin/restorecon || /sbin/restorecon -F /run
> +
> # Cache handling.
> # A list of files which are used as a criteria to judge whether the udev cache could be reused.
> CMP_FILE_LIST="/proc/version /proc/cmdline /proc/devices /proc/atags"
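Review bot: the added `/sbin/restorecon -F /run` call relabels only the /run directory itself (there is no -R), so anything already created under /run before this point keeps the label it was created with until populate-volatile.sh runs. If that is intended, the comment above the call should say so; otherwise consider a recursive relabel. The comment would also be more useful if it recorded why the label is wrong here (tmpfs has just been mounted and populate-volatile.sh has not yet run), since "allow mdadm creating dir /run/mdadm" does not explain the ordering dependency. Finally, -F resets the user, role and range portions of the context as well as the type; it is worth confirming that this is needed rather than a plain restorecon.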
>
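An added triage example, not part of the original message or of meta-selinux: it parses AVC denials like the one quoted in the commit message and separates the case the patch addresses (a write to the root of a tmpfs mount still labelled tmpfs_t) from denials that need a policy review. The classification rule, the function names and the second log line are assumptions constructed for illustration.

```python
import re

SAMPLE_LOG = [
    # The denial quoted in the commit message, joined onto one line.
    'avc: denied { write } for pid=294 comm="mdadm" name="/" dev="tmpfs" ino=10581 '
    'scontext=system_u:system_r:mdadm_t:s0-s15:c0.c1023 '
    'tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir',
    # Constructed line (not from the page): a denial on a normally labelled file.
    'avc: denied { read } for pid=412 comm="example" name="example.conf" dev="sda1" ino=77 '
    'scontext=system_u:system_r:example_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:mls-range]; the range may itself contain ':'.
    for key in ('scontext', 'tcontext'):
        parts = rec.get(key, '').split(':', 3)
        rec[key[0] + 'type'] = parts[2] if len(parts) >= 3 else None
    return rec


def is_unlabelled_tmpfs_root(rec):
    """Assumed heuristic: the target is the root dir of a tmpfs still typed tmpfs_t."""
    return (rec.get('dev') == 'tmpfs' and rec.get('name') == '/'
            and rec.get('ttype') == 'tmpfs_t' and rec.get('tclass') == 'dir')


def triage(lines):
    """Classify each denial: fix the label on the mount point, or review policy."""
    results = []
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        verdict = 'relabel mount point' if is_unlabelled_tmpfs_root(rec) else 'review policy'
        results.append((rec['comm'], rec['stype'], rec['ttype'], verdict))
    return results
```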