linux-hotplug.vger.kernel.org archive mirror
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Stephen Smalley <sds@epoch.ncsc.mil>, g@lkcl.net
Cc: SE-Linux <selinux@tycho.nsa.gov>,
	Linux Hotplug Dev List
	<linux-hotplug-devel@lists.sourceforge.net>
Subject: Re: lots of allow xxx_device_t device_t:filesystem { associate }
Date: Mon, 09 Aug 2004 19:43:21 +0000
Message-ID: <20040809194321.GO3868@lkcl.net>
In-Reply-To: <1092078176.29199.179.camel@moss-spartans.epoch.ncsc.mil>

On Mon, Aug 09, 2004 at 03:02:57PM -0400, Stephen Smalley wrote:
> On Mon, 2004-08-09 at 15:09, Luke Kenneth Casson Leighton wrote:
> >  thank you: i found this: i was more concerned that i should
> >  be setting mount -o fscontext=....fs_t instead?
> 
> No, I think device_t is appropriate here.
> 
> >  allow initrc_t device_t:lnk_file { create };
> >  for a symlink to be created between /proc/self/fd and /dev/fd
> > 
> >  i realise it would be better to move stuff in /etc/init.d/udev
> >  to a separate program, e.g. /sbin/udev-init, and to have that
> >  program be given a separate domain instead of having to add
> >  this to initrc_t.
> 
> I already see an 'allow initrc_t device_t:lnk_file { unlink };' rule in
> initrc.te related to udev operation, so this isn't too surprising.
> 
> >  allow udev_t device_t:file { getattr unlink };
> >  for /sbin/udev to stat and remove /dev/null...
> 
> /dev/null should show up as chr_file, and should be created with
> null_device_t anyway.  Is this actually an attempt to unlink udev.tbl?

no, it's definitely an attempt to unlink /dev/null (!).

and it's definitely saying device_t:file.

_after_ init level 1 has completed, ls -Z /dev/null shows
null_device_t on /dev/null.

fuuunnn...

l.
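
The rules quoted in this message are the kind derived from AVC denials, and the open question is why the denial names class `file` for an object called `null`. The sketch below is an added example, not part of the original message and not an SELinux tool: it folds denial lines into allow rules and flags objects whose class differs from the expected one. The log lines are constructed, and `EXPECTED_CLASS` and `analyse` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample AVC denials (not taken from the thread).
SAMPLE_LOG = """\
audit(1092080000.101:0): avc:  denied  { getattr } for  pid=412 exe=/sbin/udev path=/dev/null dev=tmpfs ino=911 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file
audit(1092080000.102:0): avc:  denied  { unlink } for  pid=412 exe=/sbin/udev name=null dev=tmpfs ino=911 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file
audit(1092080000.230:0): avc:  denied  { create } for  pid=398 exe=/bin/ln name=fd scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:device_t tclass=lnk_file
"""

# Assumption for this example: node name -> object class it should have.
# Only the /dev/null entry comes from the thread ("should show up as chr_file").
EXPECTED_CLASS = {"null": "chr_file"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")


def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def analyse(log):
    """Return (allow rules, class mismatches) for the denials found in log."""
    rules = defaultdict(set)  # (source type, target type, class) -> permissions
    mismatches = set()
    for m in AVC_RE.finditer(log):
        perms, fields, scon, tcon, tclass = m.groups()
        rules[(type_of(scon), type_of(tcon), tclass)].update(perms.split())
        obj = re.search(r"\b(?:name|path)=(\S+)", fields)
        node = obj.group(1).strip('"').rsplit("/", 1)[-1] if obj else None
        want = EXPECTED_CLASS.get(node)
        if want and want != tclass:
            mismatches.add((node, tclass, want))
    allow = [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
             for (s, t, c), p in rules.items()]
    return allow, sorted(mismatches)


if __name__ == "__main__":
    allow, mismatches = analyse(SAMPLE_LOG)
    print("\n".join(allow))
    for node, got, want in mismatches:
        print(f"# {node}: denial says class {got}, expected {want}")
```

A flagged mismatch is a reason to inspect the object at the time of the denial before adding the generated rule to policy.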



