Progress! .532 boots! -- but dbus/hotplug/udev problems remain?

Daniel J Walsh dwalsh at redhat.com
Mon Aug 30 18:20:32 UTC 2004


Tom London wrote:

> Russell,
>
> The following changes to udev.te seem needed....
> (If udev shouldn't be reading file_contexts, then dontaudit?)
>
udev needs to read file_contexts.  It is doing a matchpathcon in order 
to set up the devices with the correct context.

> Please correct/improve,
>   tom
>
> --- /tmp/patches/udev.te        2004-08-29 11:35:48.000000000 -0700
> +++ udev.te     2004-08-29 12:40:58.000000000 -0700
> @@ -44,7 +44,9 @@
>
> # to read the file_contexts file
> allow udev_t { selinux_config_t default_context_t }:dir search;
> -allow udev_t default_context_t:file { getattr read };
> +allow udev_t { selinux_config_t default_context_t }:file { getattr 
> read };
> +allow udev_t file_context_t:dir { search };
> +allow udev_t file_context_t:file { getattr read };
>
> allow udev_t policy_config_t:dir { search };
> allow udev_t proc_t:file { read };
>
>
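Review bot: the widened `allow udev_t { selinux_config_t default_context_t }:file { getattr read };` line also makes selinux_config_t files readable by udev_t, while the comment above the block only mentions reading the file_contexts file. Add a comment naming which selinux_config_t file udev has to read, or move that grant into its own commented rule so its purpose can be audited later. That same added line is wrapped by the mailer (`read };` sits alone on the following quoted line), so the hunk will not apply as posted; resend it unwrapped or as an attachment. The two file_context_t rules do match the stated purpose of reading file_contexts.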
> Russell Coker wrote:
>
>> On Sun, 29 Aug 2004 04:29, Tom London <selinux at comcast.net> wrote:
>>  
>>
>>> Newest Rawhide updates (including udev-030-10, mkinitrd-4.1.8-1,
>>> kernel-2.6.8-1.532, and selinux-policy-strict-1.17.5-2)
>>> now boots in strict/enforcing.
>>>   
>>
>>
>> I've attached a diff against the CVS policy as well as the .te and 
>> .fc files for udev changes which fix this and address some other 
>> issues as well.
>>
>> Please try it out and let me know how it goes.
>>