Re: udev file access

Michael Thomas wrote:
I installed a custom udev rule in /etc/udev/rules.d/ that invokes a
shell script to backup my usb thumb drive whenever it's plugged in.  The
script makes use of 'mkdir', 'find', and 'dd' to create the backup.  The
backups are created in a /images/backups directory, that has the default
label 'user_u:object_r:file_t'.

When udev launches the script, I get avcs because udev isn't allowed to
write to file_t (not surprising):

avc: denied { read } for comm="find" dev=sda3 egid=0 euid=0
exe="/usr/bin/find" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/"
pid=4539 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir
tcontext=system_u:object_r:file_t:s0 tty=(none) uid=0

How should this backup directory get labeled so that udev can write to
it?  Or should I create a custom file context for backup files and then
give udev_t permission to write to the backup file context?

--Mike

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You could mount your usb device as udev_var_run_t and udev would be allowed to write to it.
Or you can write custom policy.
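
Added example, not part of the original thread: a small parser that pulls the source type, target type, class and permissions out of the AVC denial quoted above and formats the type-enforcement rule a custom policy would need. The type name `usb_backup_t` is a hypothetical dedicated label for the backup directory, used here only to show retargeting the rule away from `file_t`.

```python
import re

# The denial from the post, rejoined into one line (mail wrapping removed).
AVC = ('avc: denied { read } for comm="find" dev=sda3 egid=0 euid=0 '
       'exe="/usr/bin/find" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" '
       'pid=4539 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 '
       'subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir '
       'tcontext=system_u:object_r:file_t:s0 tty=(none) uid=0')

def parse_avc(line):
    """Return the fields of one AVC denial that a policy rule depends on."""
    perms = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not perms:
        raise ValueError('not an AVC denial')
    # key=value pairs; a value is either quoted or runs to the next space.
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    for key in ('scontext', 'tcontext', 'tclass'):
        if key not in fields:
            raise ValueError('missing ' + key)
    # A context is user:role:type[:mls-range]; the type is the third field.
    return {'source': fields['scontext'].split(':')[2],
            'target': fields['tcontext'].split(':')[2],
            'tclass': fields['tclass'],
            'perms': perms.group(1).split(),
            'comm': fields.get('comm')}

def allow_rule(avc, retarget=None):
    """Format an allow rule for a parsed denial.

    retarget maps a denied target type to a dedicated type, so the rule is
    not written against a catch-all label such as file_t.
    """
    target = (retarget or {}).get(avc['target'], avc['target'])
    perms = ' '.join(sorted(avc['perms']))
    if len(avc['perms']) > 1:
        perms = '{ ' + perms + ' }'
    return 'allow %s %s:%s %s;' % (avc['source'], target, avc['tclass'], perms)

if __name__ == '__main__':
    denial = parse_avc(AVC)
    print(allow_rule(denial))                                # rule as denied
    print(allow_rule(denial, {'file_t': 'usb_backup_t'}))    # hypothetical type
```

The retargeted rule only takes effect once the backup directory itself carries the dedicated type.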
