From mboxrd@z Thu Jan 1 00:00:00 1970
From: Luke Kenneth Casson Leighton
Date: Tue, 03 Aug 2004 08:27:52 +0000
Subject: Re: Bug#263079: udev: missing mknod on ppp
Message-Id: <20040803082752.GA3504@lkcl.net>
List-Id:
References: <20040802224118.GA18849@wonderland.linux.it> <20040802231534.GB16238@lkcl.net> <20040802231148.GA19178@wonderland.linux.it>
In-Reply-To: <20040802231148.GA19178@wonderland.linux.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Marco d'Itri
Cc: 263079@bugs.debian.org, linux-hotplug-devel@lists.sourceforge.net, SE-Linux

On Tue, Aug 03, 2004 at 01:11:48AM +0200, Marco d'Itri wrote:
> On Aug 03, Luke Kenneth Casson Leighton wrote:
>
> > thank you for pointing me at the README.Debian because it makes clear
> > that for SE/Linux there are certain /dev entries that may not get
> > fired up by udev, and consequently won't have se/linux permissions set!
> On debian, *all* devices are supposed to be created by udev if udev is
> installed (because /dev is a tmpfs).
> I don't know why /dev/ppp is not being created on your system.

this could have something to do with it: it looks like udev is not
quick enough to create the device node in time for pppd to use it.

Aug 3 09:18:49 localhost udev[3255]: creating device node '/dev/ttyUSB0'
Aug 3 09:18:54 localhost pppd[3258]: pppd is unable to open the /dev/ppp device. You need to create the /dev/ppp device node by executing the following command as root: ^Imknod /dev/ppp c 108 0
Aug 3 09:19:02 localhost kernel: CSLIP: code copyright 1989 Regents of the University of California
Aug 3 09:19:02 localhost kernel: PPP generic driver version 2.4.2
Aug 3 09:19:02 localhost pppd[3270]: pppd 2.4.2 started by root, uid 0
Aug 3 09:19:02 localhost udev[3269]: creating device node '/dev/ppp'

>
> > i've had to modify /etc/init.d/udev to do a manual /sbin/restorecon on
> > all entries listed in /etc/udev/links.conf.
> This is a special-case, links.conf is supposed to be used *only* to
> create some symlinks and directories. I do not know enough about SE
> Linux to tell how it should be integrated with this.

i do.

i've patched my kernel to have tmpfs(shmfs) support se/linux
attributes.

_anything_ that goes into the /dev-mounted tmpfs _must_ have selinux
attributes set on them.

in the case of a persistent filesystem (ext2 etc) those attributes
can be set once, and subsequently ignored.

of course, with a tmpfs, then it's a bit like saying it's okay to
create entries in /dev with chmod 0000 and not calling chgrp, we'll
do it later sort of thing.

so any symlinks and directories, also you _must_ call
/sbin/restorecon or some equivalent.

i've patched udev-0.030 to do likewise: all inodes, all directories
(including subdirectories) and all symlinks in fact all creates, are
now created with the correct selinux context.

>
> > i have some vague and rushed recollection of forcibly doing an
> > /sbin/restorecon in /etc/init.d/modutils, too.
> /etc/init.d/modutils is 2.4.x stuff.
>
> > the issue is, therefore that /etc/init.d/modutils will endeavour to
> > manually install modules at startup - even before udev is run - and
> > it doesn't bother to set the selinux permissions.
> No, it will not: udev is run S04 and module-init-tools at S20 of rcS.d.

hm, then should that order be reversed, or do you think that
module-init-tools should be fixed? (or other)

l.
_______________________________________________
Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
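
A triage script for the ordering problem visible in the syslog excerpt above: it flags every process that reported it could not open a /dev node and measures how long afterwards udev logged creating that node. This is an added example, not part of the original message or of udev; the function name and regexes are assumptions written against the message formats in the excerpt, and the year is supplied by the caller because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Syslog lines copied from the excerpt in the message above.
SAMPLE_LOG = """\
Aug 3 09:18:49 localhost udev[3255]: creating device node '/dev/ttyUSB0'
Aug 3 09:18:54 localhost pppd[3258]: pppd is unable to open the /dev/ppp device. You need to create the /dev/ppp device node by executing the following command as root: ^Imknod /dev/ppp c 108 0
Aug 3 09:19:02 localhost kernel: PPP generic driver version 2.4.2
Aug 3 09:19:02 localhost pppd[3270]: pppd 2.4.2 started by root, uid 0
Aug 3 09:19:02 localhost udev[3269]: creating device node '/dev/ppp'
"""

LINE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ ([^\[:\s]+)(?:\[(\d+)\])?: (.*)$")
CREATED = re.compile(r"creating device node '(/dev/[^']+)'")
OPEN_FAILED = re.compile(r"unable to open (?:the )?(/dev/[\w./-]+)")


def find_late_nodes(log_text, year=2004):
    """Return (path, process, pid, delay) for each failed open of a /dev node.

    delay is the number of seconds from the failure until udev first logged
    creating that node, or None if udev never logged creating it afterwards.
    """
    created, failures = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog-formatted line
        mon, day, clock, proc, pid, msg = m.groups()
        # The year is an assumption passed in by the caller.
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if proc == "udev" and (c := CREATED.search(msg)):
            created.append((ts, c.group(1)))
        elif f := OPEN_FAILED.search(msg):
            failures.append((ts, proc, int(pid) if pid else None, f.group(1)))
    findings = []
    for ts, proc, pid, path in failures:
        later = [t for t, p in created if p == path and t >= ts]
        delay = int((min(later) - ts).total_seconds()) if later else None
        findings.append((path, proc, pid, delay))
    return findings


if __name__ == "__main__":
    for path, proc, pid, delay in find_late_nodes(SAMPLE_LOG):
        print(f"{proc}[{pid}] could not open {path}; udev created it {delay}s later")
```

A delay of None means the node was never logged as created by udev after the failure, so whatever created it later bypassed udev and should be checked for a missing SELinux context.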