'unable to relabel' in /dev.... MAKEDEV-3.7-2, AVCs provided
Tom London
selinux at comcast.net
Wed Jun 16 03:32:13 UTC 2004
OK. I think I understand what is going on:
Some of the packages in the development tree do not have context labels,
that is,
'rpm -q --filecontext MAKEDEV' shows no context labels (just file names).
So the special files in /dev got created with type 'device_t'.... sigh.
I'm guessing that as we get closer to 'release' or 'update' packages
this will not be as big
a problem.
In the interim, I'll stick with running something like
rpm -ql Package | xargs restorecon
after installs/upgrades.
Its what I deserve for running off of the development tree!
thanks,
tom
Russell Coker wrote:
>On Wed, 16 Jun 2004 08:07, Tom London <selinux at comcast.net> wrote:
>
>
>>I'm confused.... restorecon.te has entries:
>>allow restorecon_t device_type:{ chr_file blk_file } { getattr
>>relabelfrom relabelto };
>>allow restorecon_t device_t:{ chr_file blk_file } { getattr relabelfrom };
>>
>>
>
>Ideally there should be no device nodes with type device_t, we should have
>correct labels assigned to all of them. Therefore changing a label from
>something in device_type to device_t is generally not desired.
>
>
>
More information about the fedora-selinux-list
mailing list