Re: selinux vs devtmpfs (vs udev)

From: Daniel J Walsh
Date: Wed Sep 01 2010 - 15:44:29 EST


On 09/01/2010 12:08 PM, Stephen Smalley wrote:
> On Tue, Aug 31, 2010 at 4:51 PM, Eric Paris <eparis@xxxxxxxxxx> wrote:
>> On Tue, 2010-08-31 at 21:32 +0200, Kay Sievers wrote:
>>> On Tue, Aug 31, 2010 at 17:49, Harald Hoyer <harald@xxxxxxxxxx> wrote:
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=575128#c14
>>>> https://bugzilla.redhat.com/attachment.cgi?id=442223&format=raw
>>>>
>>>> udev/udev-node.c
>>>>
>>>> + /* set selinux file context on add events */
>>>> + if (strcmp(udev_device_get_action(dev), "add") == 0)
>>>> + udev_selinux_lsetfilecon(udev, file, mode);
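Review bot: The `strcmp` call on the condition line is handed the result of `udev_device_get_action(dev)` directly, and libudev documents that function as returning NULL when the device has no action value, so check for NULL before comparing (for example `action != NULL && strcmp(action, "add") == 0`). The added comment should also state that limiting the relabel to add events is intentional, because with this condition other events such as change never reach `udev_selinux_lsetfilecon()`.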
>>>
>>> I can't access these bugs.
>>>
>>> Does that make sense/work for you?
>>> http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=326c5fc3ea684825629eccaf33a548759162a539
>>>
>>> Kay
>>
>> I asked Harald (but he wasn't around and I don't know the answer) if it is
>> a problem that this changes the behavior of non "add" events.
>> Previously a non "add" event with an incorrect mask/uid/gid would have
>> reset the SELinux context but now it will not. It fixes the issue at
>> hand, my boxes boot with everything labeled nicely, but I'm not sure if
>> there is some other corner case that expected the old behavior with
>> change events....
>
> Maybe we should back up and ask the udev folks how they think libvirt
> labeling should be done so as to not conflict with udev labeling, e.g.
> should libvirt be going through udev to assign the labels.
>
Well, I guess I would not want someone to chcon a device and then have udev
fix the label. Especially on MLS machines.