Progress! .532 boots! -- but dbus/hotplug/udev problems remain?
Tom London
selinux at comcast.net
Sun Aug 29 19:53:05 UTC 2004
Russell,
The following changes to udev.te seem needed....
(If udev shouldn't be reading file_contexts, then dontaudit?)
Please correct/improve,
tom
--- /tmp/patches/udev.te 2004-08-29 11:35:48.000000000 -0700
+++ udev.te 2004-08-29 12:40:58.000000000 -0700
@@ -44,7 +44,9 @@
# to read the file_contexts file
allow udev_t { selinux_config_t default_context_t }:dir search;
-allow udev_t default_context_t:file { getattr read };
+allow udev_t { selinux_config_t default_context_t }:file { getattr read };
+allow udev_t file_context_t:dir { search };
+allow udev_t file_context_t:file { getattr read };
allow udev_t policy_config_t:dir { search };
allow udev_t proc_t:file { read };
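Review bot: the first added line widens file { getattr read } from default_context_t to selinux_config_t as well, but the comment above the hunk only says "to read the file_contexts file", and the two file_context_t rules that follow already cover that type. If the selinux_config_t file access came from a separate AVC denial, split it onto its own line with a comment naming what udev reads there; if it was added only for symmetry with the dir search rule, drop it and keep the original default_context_t line. On the open question in the message (allow vs. dontaudit), the choice should be recorded in the comment: allow if udev needs file_contexts to label the nodes it creates, dontaudit if the read is incidental, so the next reader of udev.te knows which was intended.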
Russell Coker wrote:
>On Sun, 29 Aug 2004 04:29, Tom London <selinux at comcast.net> wrote:
>
>
>>Newest Rawhide updates (including udev-030-10, mkinitrd-4.1.8-1,
>>kernel-2.6.8-1.532, and selinux-policy-strict-1.17.5-2)
>>now boots in strict/enforcing.
>>
>>
>
>I've attached a diff against the CVS policy as well as the .te and .fc files
>for udev changes which fix this and address some other issues as well.
>
>Please try it out and let me know how it goes.
>