udevsend....

Tom London selinux at comcast.net
Tue Aug 24 16:01:22 UTC 2004


The newest Rawhide udev seems to add 'udevsend' that seems to want
allow udev_t selinux_config_t:dir { search };
allow udev_t selinux_config_t:file { read };

I'm guessing that udevsend replaces the script 
/etc/dev.d/default/selinux.dev.

tom

Here are the avcs....

Aug 24 08:45:13 fedora kernel: audit(1093362313.380:0): avc:  denied  { 
search } for  pid=3905 exe=/sbin/udevsend name=selinux dev=hda2 
ino=4509743 scontext=system_u:system_r:udev_t 
tcontext=system_u:object_r:selinux_config_t tclass=dir
Aug 24 08:45:13 fedora kernel: audit(1093362313.380:0): avc:  denied  { 
read } for  pid=3905 exe=/sbin/udevsend name=config dev=hda2 ino=4509759 
scontext=system_u:system_r:udev_t 
tcontext=system_u:object_r:selinux_config_t tclass=file
Aug 24 08:45:13 fedora kernel: audit(1093362313.380:0): avc:  denied  { 
getattr
} for  pid=3905 exe=/sbin/udevsend path=/etc/selinux/config dev=hda2 
ino=4509759 scontext=system_u:system_r:udev_t 
tcontext=system_u:object_r:selinux_config_t tclass=file




More information about the fedora-selinux-list mailing list