I installed a custom udev rule in /etc/udev/rules.d/ that invokes a shell script to back up my USB thumb drive whenever it's plugged in. The script makes use of 'mkdir', 'find', and 'dd' to create the backup. The backups are created in a /images/backups directory that has the default label 'user_u:object_r:file_t'.

When udev launches the script, I get AVCs because udev isn't allowed to write to file_t (not surprising):

avc: denied { read } for comm="find" dev=sda3 egid=0 euid=0 exe="/usr/bin/find" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=4539 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:file_t:s0 tty=(none) uid=0

How should this backup directory get labeled so that udev can write to it? Or should I create a custom file context for backup files and then give udev_t permission to write to the backup file context?

--Mike