missing tmpfs_t in latest?

Tom London <selinux@xxxxxxxxx> · Tue, 3 Jan 2006 07:33:51 -0800

Running targeted, latest rawhide (e.g., selinux-policy-targeted-2.1.6-22).

Reboot in enforcing mode fails: system goes into 'disk repair' mode.

'enforcing=0' works, but many messages.

First, 'id -Z' in gnome terminal:
[tbl@tlondon ~]$ id -Z
system_u:system_r:xdm_t:SystemLow-SystemHigh
[tbl@tlondon ~]$

'audit2allow -d' shows...

[root@tlondon ~]# audit2allow -d
allow auditctl_t tmpfs_t:chr_file write;
allow auditd_t tmpfs_t:chr_file getattr;
allow auditd_t tmpfs_t:dir search;
allow cpucontrol_t tmpfs_t:chr_file write;
allow cpucontrol_t tmpfs_t:dir search;
allow cpuspeed_t tmpfs_t:chr_file getattr;
allow cpuspeed_t tmpfs_t:dir search;
allow dhcpc_t tmpfs_t:chr_file { read write };
allow dhcpc_t tmpfs_t:dir search;
allow fsadm_t tmpfs_t:blk_file ioctl;
allow fsadm_t tmpfs_t:chr_file ioctl;
allow hwclock_t tmpfs_t:chr_file getattr;
allow hwclock_t tmpfs_t:dir search;
allow ifconfig_t tmpfs_t:chr_file write;
allow klogd_t tmpfs_t:dir search;
allow klogd_t tmpfs_t:sock_file write;
allow mount_t tmpfs_t:blk_file getattr;
allow netutils_t tmpfs_t:chr_file write;
allow pam_console_t tmpfs_t:blk_file setattr;
allow pam_console_t tmpfs_t:chr_file setattr;
allow pam_console_t tmpfs_t:dir search;
allow pam_console_t tmpfs_t:lnk_file getattr;
allow portmap_t tmpfs_t:chr_file getattr;
allow portmap_t tmpfs_t:dir search;
allow syslogd_t tmpfs_t:dir add_name;
allow syslogd_t tmpfs_t:sock_file setattr;
[root@tlondon ~]#

Relabeling is borked:
[root@tlondon ~]# restorecon -v -R /tmp
file_contexts:  invalid context system_u:object_r:tmp_t
matchpathcon(/tmp) failed Invalid argument
file_contexts:  invalid context system_u:object_r:xdm_xserver_tmp_t
matchpathcon(/tmp/.X0-lock) failed Invalid argument
file_contexts:  invalid context system_u:object_r:xfs_tmp_t
matchpathcon(/tmp/.font-unix) failed Invalid argument
file_contexts:  invalid context system_u:object_r:xfs_tmp_t
matchpathcon(/tmp/.font-unix/fs7100) failed Invalid argument
[root@tlondon ~]#

tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list