udev file access

Daniel J Walsh dwalsh at redhat.com
Mon Jun 11 18:16:23 UTC 2007


Michael Thomas wrote:
> I installed a custom udev rule in /etc/udev/rules.d/ that invokes a
> shell script to back up my USB thumb drive whenever it's plugged in.  The
> script makes use of 'mkdir', 'find', and 'dd' to create the backup.  The
> backups are created in a /images/backups directory, that has the default
> label 'user_u:object_r:file_t'.
>
> When udev launches the script, I get avcs because udev isn't allowed to
> write to file_t (not surprising):
>
> avc: denied { read } for comm="find" dev=sda3 egid=0 euid=0
> exe="/usr/bin/find" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/"
> pid=4539 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
> subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir
> tcontext=system_u:object_r:file_t:s0 tty=(none) uid=0
>
> How should this backup directory get labeled so that udev can write to
> it?  Or should I create a custom file context for backup files and then
> give udev_t permission to write to the backup file context?
>
> --Mike
>
You could mount your usb device as udev_var_run_t and udev would be 
allowed to write to it.
Or you can write custom policy.
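
As an added example (not part of either poster's message), this Python sketch parses the denial quoted above and derives the pieces of the custom-policy route. The type name `usb_backup_t` is hypothetical and would have to be declared in a local policy module; `semanage fcontext` and `restorecon` are the standard relabeling tools.

```python
import re
import shlex

# The denial quoted in the thread, joined onto one line.
AVC = ('avc: denied { read } for comm="find" dev=sda3 egid=0 euid=0 '
       'exe="/usr/bin/find" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" '
       'pid=4539 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 '
       'subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir '
       'tcontext=system_u:object_r:file_t:s0 tty=(none) uid=0')

GENERIC_TYPES = {"file_t"}  # default label from the thread; too broad to grant on


def parse_avc(line):
    """Return source type, target type, class and permissions of one denial."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if m is None:
        raise ValueError("not an AVC denial")
    # key=value pairs; shlex strips the quotes around comm, exe and name
    fields = dict(t.split("=", 1) for t in shlex.split(m.group(2)) if "=" in t)
    return {
        "source": fields["scontext"].split(":")[2],  # user:role:type:level
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "perms": m.group(1).split(),
        "comm": fields.get("comm"),
    }


def plan(denial, path, new_type):
    """Steps of a fix: relabel first when the target is a generic type."""
    steps = []
    target = denial["target"]
    if target in GENERIC_TYPES:
        # A rule on the default label would cover every object carrying it,
        # so give the directory its own type (new_type is an assumption).
        steps.append(f"semanage fcontext -a -t {new_type} '{path}(/.*)?'")
        steps.append(f"restorecon -R {path}")
        target = new_type
    perms = " ".join(denial["perms"])
    steps.append(
        f"allow {denial['source']} {target}:{denial['tclass']} {{ {perms} }};")
    return steps


if __name__ == "__main__":
    for step in plan(parse_avc(AVC), "/images/backups", "usb_backup_t"):
        print(step)
```

The resulting rule covers only the single permission in this one denial; the script's `mkdir` and `dd` calls will produce further denials that need the same treatment.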



