OK. I think I understand what is going on:
Some of the packages in the development tree do not have context labels, that is,
'rpm -q --filecontext MAKEDEV' shows no context labels (just file names).
So the special files in /dev got created with type 'device_t'.... sigh.
I'm guessing that as we get closer to 'release' or 'update' packages this will not be as big
a problem.
In the interim, I'll stick with running something like
rpm -ql Package | xargs restorecon
after installs/upgrades.Its what I deserve for running off of the development tree!
thanks, tom
Russell Coker wrote:
On Wed, 16 Jun 2004 08:07, Tom London <selinux@xxxxxxxxxxx> wrote:
I'm confused.... restorecon.te has entries:
allow restorecon_t device_type:{ chr_file blk_file } { getattr
relabelfrom relabelto };
allow restorecon_t device_t:{ chr_file blk_file } { getattr relabelfrom };
Ideally there should be no device nodes with type device_t, we should have correct labels assigned to all of them. Therefore changing a label from something in device_type to device_t is generally not desired.
