Re: why label /dev/hugepages directory hugetlbfs_t?
On Sat, Oct 09, 2010 at 09:14:25AM -0400, Eric Paris wrote:
On Sat, 2010-10-09 at 11:43 +0200, Dominick Grift wrote:
> Why is /dev/hugepages specified to be labeled hugetlbfs_t? Any
> particular reason for this?
>
> In my branch i labelled it device_t like most directories in /dev.
>
> This makes it easier because udev does some magic
> in /lib/udev/devices(hugetables) which causes all kinds of extra
> denials if i label the hugepages dir hugetlbfs_t.
>
> For example hugetlbfs_t must associate to device_t etc. Much easier to
> just label hugepages directories at both /dev/hugepage
> and /lib/udev/devices/hugepages device_t.
>
> Also i noticed that /sys/fs/cgroup is specified to be labeled
> cgroup_t, but i think the kernel creates that directory with type
> sysfs_t. So that would mean that it needs to be restored at each
> boot-up.
/dev/hugepages and (I think) /sys/fs/cgroup are filesystem mount points
not actually files in the devfs or sysfs filesystem. So the labels are
picked probably picked up from the filesystem labeling rules at mount
time rather than from a later restorecon.
In my branch i have the directory /dev/hugepages set to device_t and this location is
labelled properly (udev or dracut did it?)
Unlike /sys/fs/cgroup directory which is set to cgroup_t but this location is not labelled
properly (sysfs_t instead of specified cgroup_t)
As to whether we need or want such labels on hugetlbfs and cgroupfs I'll
let you and Dan argue about :)
-Eric
Attachments:
- attachment.sig (application/pgp-signature — 198 bytes)