-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/19/2012 12:13 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
Hi Dan,
Thanks for including this into the base policy. How can we track the back
port to RHEL6. And do you have a timeframe as to when it will get back
ported to RHEL6.
Thanks, Anamitra
It will be in RHEL6.4
It is in selinux-policy-3.7.19-174.el6
Preview is available on
On 10/19/12 3:45 AM, "Daniel J Walsh"
<dwalsh(a)redhat.com> wrote:
On 10/18/2012 03:49 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>>> Hi Stephen,
>>>
>>> Alternatively can we set the filesystem type to start with? So that
>>> the initial label is not unlabeled_t. If so where can we do this?
>>>
>>> Thanks, Anamitra
>>>
>>> On 10/18/12 12:44 PM, "Stephen Smalley" <sds(a)tycho.nsa.gov>
wrote:
>>>
>>>> On 10/18/2012 03:36 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>>>>> Hi Stephen,
>>>>>
>>>>> In the dmesg output we see the following selinux messages.
>>>>>
>>>> <snip>
>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint
>>>>> labeling SELinux: initialized (dev dbcfs, type dbcfs), uses
>>>>> mountpoint labeling SELinux: initialized (dev dbcfs, type dbcfs),
>>>>> uses mountpoint labeling SELinux: initialized (dev dbcfs, type
>>>>> dbcfs), uses mountpoint labeling SELinux: initialized (dev dbcfs,
>>>>> type dbcfs), uses mountpoint labeling SELinux: initialized (dev
>>>>> dbcfs, type dbcfs), uses mountpoint labeling SELinux: initialized
>>>>> (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>
>>>> I assume that dbcfs is the relevant filesystem? So you are using
>>>> mountpoint labeling, i.e. passing context= to the mount command
>>>> with a specific security context to use, and the policy doesn't
>>>> know anything about this filesystem type. So its initial label is
>>>> unlabeled_t, and by passing a context= option, you are triggering a
>>>> relabelfrom check to see if the mount program is authorized to set
>>>> the context. You can just allow it in your policy. Should have
>>>> been present even in RHEL5, I think.
>>>>
>>>>
>>>
>>> -- selinux mailing list selinux(a)lists.fedoraproject.org
>>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
I just added
allow mount_t unlabeled_t:filesystem relabelfrom;
To Fedora 18. Having Miroslav back port to RHEL6 and RHEL5.
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://www.enigmail.net/
iEYEARECAAYFAlCBizwACgkQrlYvE4MpobMjtACfZkS3rOx5zbBMRVVe8Vs+8Z2g
CgsAoMQht917rw8lVRoC/PHwwLq55/XA
=AUlB
-----END PGP SIGNATURE-----