From mboxrd@z Thu Jan 1 00:00:00 1970
From: Luke Kenneth Casson Leighton
Date: Mon, 09 Aug 2004 12:36:53 +0000
Subject: Re: udev
Message-Id: <20040809123653.GG3868@lkcl.net>
List-Id:
References: <20040808224737.GA3825@lkcl.net>
In-Reply-To: <20040808224737.GA3825@lkcl.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: SE-Linux , Linux Hotplug Dev List

these additions make it hardly necessary to add anything stackingly
significant to the selinux policy files.

in particular, no special exceptions for /dev/* because it's already
device_t by default (fscontext=....default_t)

no special stuff like having to create a udevfs_t and then going
through the policy looking for ways to add support for it *whew*.

no need to add "allow .... tmpfs_t or shmfs_t ... " stuff.

i _have_ had to add a few bits and pieces to allow init_t and
initrc_t access to /dev prior to /etc/init.d/udev starting.

i wish i knew if it was okay to swap the order of
/etc/init.d/modutils and /etc/init.d/udev.

l.

On Sun, Aug 08, 2004 at 11:47:37PM +0100, Luke Kenneth Casson Leighton wrote:
> okay, combination of patches and mods.
>
> 1) xattr one which is up on http://hands.com/~lkcl/selinux/2.6.6
>
> 2) remove stuff which tells mount 'fscontext=' option to bog off
>    if it supports xattrs.
>
>    don't know if this patch is needed, don't care either.
>    ItWorksForMe(tm) hey for all i know i missed out an option
>    which makes it unnecessary to stop fscontext=....device_t
>    from working.
>
> 3) make mount take option fscontext=....device_t .... /dev
>
> 4) patch /etc/init.d/udev _and_ /etc/init.d/modutils to call a
>    little program /sbin/restoredevicefiles.
>
>    the horrible hack to make extra nodes in /dev needs to have
>    a restorecon done on each node so created: quickest way is
>    to do them all at once.
>
> 5) restoredevicefiles greps everything in /dev hey i just noticed
>    it only does /dev/* not /dev/*/* oh well.
>
>    i also had to copy /usr/bin/cut to /bin/cut hey there's probably
>    a way to do it with sed or something.