why label /dev/hugepages directory hugetlbfs_t?

Dominick Grift domg472 at gmail.com
Sat Oct 9 09:43:56 UTC 2010


Why is /dev/hugepages specified to be labeled hugetlbfs_t? Any particular reason for this? 

In my branch I labelled it device_t like most directories in /dev.

This makes it easier because udev does some magic in /lib/udev/devices(hugetables) which causes all kinds of extra denials if I label the hugepages dir hugetlbfs_t.

For example, hugetlbfs_t must associate to device_t etc. Much easier to just label hugepages directories at both /dev/hugepage and /lib/udev/devices/hugepages device_t.

Also I noticed that /sys/fs/cgroup is specified to be labeled cgroup_t, but I think the kernel creates that directory with type sysfs_t. So that would mean that it needs to be restored at each boot-up.
