* [PATCH v2][meta-selinux] udev: restorecon /run to allow mdadm creating /run/mdadm
From: wenzong.fan @ 2015-03-23 7:40 UTC (permalink / raw)
To: yocto
From: Wenzong Fan <wenzong.fan@windriver.com>
This change is based on the following factors during bootup:
a. the default type for /run is var_run_t;
b. the type for /run will be changed to tmpfs_t after tmpfs is mounted;
c. the type for /run will be fixed after populate-volatile.sh runs.
The udev service is started in the b->c period, so fix the type for /run from
the udev init script to remove:
avc: denied { write } for pid=294 comm="mdadm" \
name="/" dev="tmpfs" ino=10581 \
scontext=system_u:system_r:mdadm_t:s0-s15:c0.c1023 \
tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
recipes-core/udev/udev/init | 3 +++
1 file changed, 3 insertions(+)
diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
index 66359f2..bb8b95b 100644
--- a/recipes-core/udev/udev/init
+++ b/recipes-core/udev/udev/init
@@ -61,6 +61,9 @@ case "$1" in
# /var/volatile/tmp directory to be available.
mkdir -p /var/volatile/tmp
+ # restorecon /run early to allow mdadm creating dir /run/mdadm
+ test ! -x /sbin/restorecon || /sbin/restorecon -F /run
+
# Cache handling.
# A list of files which are used as a criteria to judge whether the udev cache could be reused.
CMP_FILE_LIST="/proc/version /proc/cmdline /proc/devices /proc/atags"
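Review bot: The comment added above the `/sbin/restorecon -F /run` line says what is done but not why it has to happen here. The commit message's reasoning (that /run is labelled tmpfs_t between the tmpfs mount and populate-volatile.sh, and udev starts inside that window) deserves a line in the script itself, since that boot ordering is the only reason the relabel belongs in the udev init script. On the same line, the exit status of restorecon is not checked, so a failed relabel would only show up later as the same mdadm AVC denial; consider emitting a warning when it returns non-zero.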
--
1.9.1
* Re: [PATCH v2][meta-selinux] udev: restorecon /run to allow mdadm creating /run/mdadm
From: wenzong fan @ 2015-07-08 3:24 UTC (permalink / raw)
To: yocto
Ping ...
On 03/23/2015 03:40 PM, wenzong.fan@windriver.com wrote:
> From: Wenzong Fan <wenzong.fan@windriver.com>
>
> This change is based on the following factors during bootup:
>
> a. the default type for /run is var_run_t;
> b. the type for /run will be changed to tmpfs_t after tmpfs is mounted;
> c. the type for /run will be fixed after populate-volatile.sh runs.
>
> The udev service is started in the b->c period, so fix the type for /run from
> the udev init script to remove:
>
> avc: denied { write } for pid=294 comm="mdadm" \
> name="/" dev="tmpfs" ino=10581 \
> scontext=system_u:system_r:mdadm_t:s0-s15:c0.c1023 \
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
>
> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
> ---
> recipes-core/udev/udev/init | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
> index 66359f2..bb8b95b 100644
> --- a/recipes-core/udev/udev/init
> +++ b/recipes-core/udev/udev/init
> @@ -61,6 +61,9 @@ case "$1" in
> # /var/volatile/tmp directory to be available.
> mkdir -p /var/volatile/tmp
>
> + # restorecon /run early to allow mdadm creating dir /run/mdadm
> + test ! -x /sbin/restorecon || /sbin/restorecon -F /run
> +
> # Cache handling.
> # A list of files which are used as a criteria to judge whether the udev cache could be reused.
> CMP_FILE_LIST="/proc/version /proc/cmdline /proc/devices /proc/atags"
>
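Review bot: The `/sbin/restorecon -F /run` call is non-recursive, so only the /run directory itself is relabelled. That matches the quoted denial (name="/", tclass=dir), but anything already created under /run between the tmpfs mount and this point would keep tmpfs_t; please confirm nothing is created there that early, or say so in the commit message. The `-F` flag also resets the user, role and range portions of the context, not just the type, while the denial shows only a type mismatch (tmpfs_t), so a short note on why the forced reset is needed would help the next reader.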