Why is /dev/hugepages specified to be labeled hugetlbfs_t? Any particular reason for this?

In my branch I labelled it device_t like most directories in /dev. This makes it easier because udev does some magic in /lib/udev/devices(hugetables) which causes all kinds of extra denials if I label the hugepages dir hugetlbfs_t. For example, hugetlbfs_t must associate to device_t, etc. Much easier to just label hugepages directories at both /dev/hugepage and /lib/udev/devices/hugepages device_t.

Also, I noticed that /sys/fs/cgroup is specified to be labeled cgroup_t, but I think the kernel creates that directory with type sysfs_t. So that would mean that it needs to be restored at each boot-up.
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux