On Thu, 23 Dec 2004 21:36:42 +1100, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> On Thursday 23 December 2004 15:12, Tom London <selinux@xxxxxxxxx> wrote:
> > Here's what seems to get rhgb and X running again:
> >
> > global_macros.te:
> > allow $1_t { self proc_t }:dir r_dir_perms;
> > allow $1_t { self proc_t }:lnk_file read;
> >
> > +allow $1_t { device_t udev_tdb_t }:dir { getattr search };
>
> The problem is that the directory should have type device_t not udev_tdb_t.
> The recent trend has been to label all directories under /dev as device_t.
>
> -file_type_auto_trans(udev_t, device_t, udev_tdb_t, { file dir })
> +file_type_auto_trans(udev_t, device_t, udev_tdb_t, file)
>
> If the above change is made to udev.te and the below change is made to udev.fc
> then everything will work well. This is the easiest and simplest change that
> preserves expected functionality.
>
> -/dev/\.udev\.tdb(/.*)? system_u:object_r:udev_tdb_t
> +/dev/\.udev\.tdb/.* -- system_u:object_r:udev_tdb_t
>
> I assume that the file names in directory /dev/.udev.tdb don't give anything
> away - otherwise the directory surely wouldn't have mode 0755...
>
> --
>

Russell, Dan,

Yes, this fixes it, even the user_t accesses.

Thanks!
   tom
--
Tom London
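
Review bot: In the global_macros.te hunk, the added `allow $1_t { device_t udev_tdb_t }:dir { getattr search };` names udev_tdb_t in the type set, which gives every domain built from this macro getattr and search on directories of that type. If the directory is labelled device_t as the udev.te and udev.fc hunks arrange, no directory carries udev_tdb_t any more, so the udev_tdb_t member should be dropped, leaving at most `device_t` in the set.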
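
Review bot: In the udev.te hunk, narrowing the class list of `file_type_auto_trans(udev_t, device_t, udev_tdb_t, ...)` from `{ file dir }` to `file` only affects objects created after the policy is loaded. A /dev/.udev.tdb directory that was already created under the old rule keeps its udev_tdb_t label until it is relabelled or recreated, so the change should be accompanied by a note that the directory must be relabelled, and a one-line comment beside the macro call explaining why `dir` is deliberately excluded.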
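
Review bot: In the udev.fc hunk, the new entry `/dev/\.udev\.tdb/.* -- system_u:object_r:udev_tdb_t` matches regular files only, so the directory itself and any non-regular entry below it (subdirectory, symlink) no longer get a context from this line and depend on a more general /dev entry that is not visible here. It is worth confirming that such an entry resolves the directory to device_t, and recording the stated assumption that the file names under /dev/.udev.tdb are not sensitive as a comment next to the entry, since domains allowed to read device_t directories will be able to list them.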