dear fedora-selinux people,

i am not subscribed to the fedora-selinux list so am just going through the archives looking for bits i may have missed.

regarding this:

> > udev is so completely full of race conditions - known to the
> > developers even _without_ selinux - that the general consensus
> > seems to be that a few more really won't hurt.
> Huh? I know of no such thing.
> Without SELinux, and with the recent patch on the hotplug mailing list,
> I know of no race conditions in the current udev code.

the present (0.030's /etc/udev.d/default/selinux script) and past (0.024 built-in) selinux udev support allows for a race condition in between the creation of the inode (with its default, per-directory selinux context being used) and the context being properly set (with /sbin/restorecon in the case of 0.030 and with setfilecon() in the case of 0.024).

that's why i added code to use setfscreatecon().

the debian maintainer for udev is under the impression that udev has stacks of race conditions: if that isn't actually the case, then great!

l.
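
The ordering the message describes, as an added example that is not part of the original post and is not udev's code: the creation context is set before the inode is created, so the inode never exists under the directory's default context. Assumptions: it writes /proc/thread-self/attr/fscreate directly (the kernel file libselinux's setfscreatecon() writes) so that it builds without libselinux, it creates a FIFO rather than a device node so that it runs without root, and the path and context are constructed samples.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write the kernel file behind setfscreatecon(): the context stored here is
 * applied to inodes this thread creates next. NULL clears it (policy default). */
static int set_fscreate(const char *ctx)
{
    int fd = open("/proc/thread-self/attr/fscreate", O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, ctx, ctx ? strlen(ctx) + 1 : 0);
    int saved = errno;
    close(fd);
    errno = saved;
    return n < 0 ? -1 : 0;
}

/* Racy order from the message: create the node, then setfilecon()/restorecon;
 * the node is visible under the directory's default context in between.
 * Order used here: set the creation context first, so the inode is born
 * labelled. Fails closed: if the context cannot be set, nothing is created. */
int create_labeled_fifo(const char *path, mode_t mode, const char *ctx)
{
    if (set_fscreate(ctx) < 0)
        return -1;
    int rc = mkfifo(path, mode);
    int saved = errno;
    set_fscreate(NULL);          /* do not leak ctx into later creations */
    errno = saved;
    return rc;
}

int main(void)
{
    /* Constructed sample path and context, not taken from the message. */
    const char *path = "/tmp/fscreate-demo.fifo";
    unlink(path);
    if (create_labeled_fifo(path, 0600, "system_u:object_r:device_t:s0") != 0) {
        perror("create_labeled_fifo (needs SELinux and a permitted context)");
        return 1;
    }
    printf("%s created with its context already set\n", path);
    unlink(path);
    return 0;
}
```

On a host without SELinux the write to attr/fscreate is rejected, so the function returns -1 and leaves no node behind.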