NFS Update and SELinux
Daniel J Walsh
dwalsh at redhat.com
Tue Nov 6 15:27:41 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Richi Plana wrote:
> Hi, Daniel.
>
> On Thu, 2007-11-01 at 13:58 -0400, Daniel J Walsh wrote:
>> Please attach avc messages?
>>
>> These devices should be labeled usb_device_t
>
> Thanks for the tip.
>
> Well, after reading your email, I checked the context and it's
> definitely labeled "device_t". I looked at my selinux file_contexts and
> the closest match for /dev/usbmon? was /dev/.* (which gave it a context
> of device_t).
>
> More info:
>
> selinux-policy-targeted-2.6.4-48.fc7
>
> I haven't edited it. And:
>
> # ll -Z /dev/usb*
> lrwxrwxrwx root root
> system_u:object_r:device_t /dev/usbdev1.1_ep00 ->
> bus/usb/1/1_ep/00
> lrwxrwxrwx root root
> system_u:object_r:device_t /dev/usbdev1.1_ep81 ->
> bus/usb/1/1_ep/81
> lrwxrwxrwx root root
> system_u:object_r:device_t /dev/usbdev1.2_ep00 ->
> bus/usb/1/2_ep/00
> lrwxrwxrwx root root
> system_u:object_r:device_t /dev/usbdev1.2_ep81 ->
> bus/usb/1/2_ep/81
> lrwxrwxrwx root root
> system_u:object_r:device_t /dev/usbdev2.1_ep00 ->
> bus/usb/2/1_ep/00
> lrwxrwxrwx root root
> system_u:object_r:device_t /dev/usbdev2.1_ep81 ->
> bus/usb/2/1_ep/81
> crw------- root root system_u:object_r:device_t /dev/usbmon0
> crw------- root root system_u:object_r:device_t /dev/usbmon1
> crw------- root root system_u:object_r:device_t /dev/usbmon2
>
> FYI.
>
> Thanks!
> --
>
> Richi Plana
>
Ok please update to the latest fc7 policy.
selinux-policy-2.6.4-53.fc7 is in testing.
I definitely see a path match for this in there.
grep usbmon policy-20070501.patch
+/dev/usbmon[0-9]+ -c
gen_context(system_u:object_r:usb_device_t,s0)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHMIftrlYvE4MpobMRAkgdAKCm8fRWlWQDWUmkMDHvGRNdk1+CfwCfXlJg
PJ6V75ukrSeM2iwOwX0rvoI=
=up/s
-----END PGP SIGNATURE-----
More information about the devel
mailing list