Running the latest rawhide I get AVC messages indicating that /bin/udev (not /sbin/udev) is running in kernel_t during the early stages of system boot. /bin/udev is the file name used in the initrd! So it seems that after the SE Linux policy is loaded (IE after /sbin/init has been run from the main root fs) there is still a copy of udev from the initrd being run. This seems to be a bug in initrd that could lead to inconsistent behaviour. I'm not sure how this comes about (and of course apart from SE Linux messages in the kernel message log all the evidence is gone by the time the system is ready to login). Any suggestions on how to debug this? -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
