dear fedora-selinux people,
i am not subscribed to the fedora-selinux list so am just going through
the archives looking for bits i may have missed.
regarding this:
> udev is so completely full of race conditions - known to the
> developers even _without_ selinux - that the general consensus
> seems to be that a few more really won't hurt.
Huh? I know of no such thing.
Without SELinux, and with the recent patch on the hotplug mailing list,
I know of no race conditions in the current udev code.
the present (0.030's /etc/udev.d/default/selinux script) and past
(0.024 built-in) selinux udev support allows for a race condition
in between the creation of the inode (with its default, per-directory
selinux context being used) and the context being properly set
(with /sbin/restorecon in the case of 0.030 and with setfilecon()
in the case of 0.024).
that's why i added code to use setfscreatecon().
the debian maintainer for udev is under the impression that udev has
stacks of race conditions: if that isn't actually the case, then great!
l.