Why is /dev/hugepages specified to be labeled hugetlbfs_t? Any particular reason for this?
In my branch I labelled it device_t like most directories in /dev.
This makes it easier because udev does some magic in /lib/udev/devices(hugetables) which
causes all kinds of extra denials if I label the hugepages dir hugetlbfs_t.
For example hugetlbfs_t must associate to device_t etc. Much easier to just label
hugepages directories at both /dev/hugepage and /lib/udev/devices/hugepages device_t.
Also, I noticed that /sys/fs/cgroup is specified to be labeled cgroup_t, but I think the
kernel creates that directory with type sysfs_t. So that would mean that it needs to be
restored at each boot-up.