On Sun, Aug 22, 2004 at 11:05:27AM -0400, Joshua Brindle wrote:
> I posted a patch here that pebenito did a while back for ramfs and lkcl
> also did one for tmpfs (which may be better for /dev since it's swappable)
> both are mostly cut and paste jobs but they add the necessary support.
>
> I'd like to reiterate though, that udev support for selinux is *broken*!
> if the correct policy isn't in place you will cause race conditions

udev is so completely full of race conditions - known to the developers
even _without_ selinux - that the general consensus seems to be
that a few more really won't hurt.

plus, i patched udev (0.030) to add in proper support for selinux
(attached previously in first response to russell's post).

that patch ensures (without saving any extra time) that the device
inodes created, and any directories, _and_ any symlinks (which the
/etc/udev/default/selinux thing most definitely didn't do) all
use setfscreatecon rather than doing a restorecon-or-equiv.

without this patch you will most likely come across issues or
end up developing an incorrect policy (that ended up with a
mismatch of default permissions from file_contexts for
subdirectories and symlinks).

joshua, when you used ramfs, can you remember what the fscontext was
for /dev when it was mounted?

l.