From mboxrd@z Thu Jan 1 00:00:00 1970
From: Luke Kenneth Casson Leighton
Date: Mon, 09 Aug 2004 19:43:21 +0000
Subject: Re: lots of allow xxx_device_t device_t:filesystem { associate }
Message-Id: <20040809194321.GO3868@lkcl.net>
List-Id:
References: <20040809175246.GK3868@lkcl.net> <1092077016.29199.166.camel@moss-spartans.epoch.ncsc.mil> <20040809190901.GM3868@lkcl.net> <1092078176.29199.179.camel@moss-spartans.epoch.ncsc.mil>
In-Reply-To: <1092078176.29199.179.camel@moss-spartans.epoch.ncsc.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Stephen Smalley , g@lkcl.net
Cc: SE-Linux , Linux Hotplug Dev List

On Mon, Aug 09, 2004 at 03:02:57PM -0400, Stephen Smalley wrote:
> On Mon, 2004-08-09 at 15:09, Luke Kenneth Casson Leighton wrote:
> > thank you: i found this: i was more concerned that i should
> > be setting mount -o fscontext=....fs_t instead?
>
> No, I think device_t is appropriate here.
>
> > allow initrc_t device_t:lnk_file { create };
> > for a symlink to be created between /proc/self/fd and /dev/fd
> >
> > i realise it would be better to move stuff in /etc/init.d/udev
> > to a separate program, e.g. /sbin/udev-init, and to have that
> > program be given a separate domain instead of having to add
> > this to initrc_t.
>
> I already see an 'allow initrc_t device_t:lnk_file { unlink };' rule in
> initrc.te related to udev operation, so this isn't too surprising.
>
> > allow udev_t device_t:file { getattr unlink };
> > for /sbin/udev to stat and remove /dev/null...
>
> /dev/null should show up as chr_file, and should be created with
> null_device_t anyway. Is this actually an attempt to unlink udev.tbl?

no, it's definitely an attempt to unlink /dev/null (!).

and it's definitely saying device_t:file.

_after_ init level 1 has completed, ls -Z /dev/null shows
null_device_t on /dev/null.

fuuunnn...

l.