On Sat, 2010-10-09 at 11:43 +0200, Dominick Grift wrote:
> Why is /dev/hugepages specified to be labeled hugetlbfs_t? Any
> particular reason for this?
>
> In my branch I labelled it device_t like most directories in /dev.
>
> This makes it easier because udev does some magic
> in /lib/udev/devices(hugetables) which causes all kinds of extra
> denials if I label the hugepages dir hugetlbfs_t.
>
> For example hugetlbfs_t must associate to device_t etc. Much easier to
> just label hugepages directories at both /dev/hugepage
> and /lib/udev/devices/hugepages device_t.
>
> Also I noticed that /sys/fs/cgroup is specified to be labeled
> cgroup_t, but I think the kernel creates that directory with type
> sysfs_t. So that would mean that it needs to be restored at each
> boot-up.

/dev/hugepages and (I think) /sys/fs/cgroup are filesystem mount points, not actually files in the devfs or sysfs filesystem. So the labels are probably picked up from the filesystem labeling rules at mount time rather than from a later restorecon.

As to whether we need or want such labels on hugetlbfs and cgroupfs I'll let you and Dan argue about :)

-Eric

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
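An added example, not part of the original thread: a small Python check that tells whether a path is the root of its own mounted filesystem (the case the reply describes for /dev/hugepages and /sys/fs/cgroup) or an ordinary entry inside its parent filesystem. The mount table is a constructed sample in /proc/mounts format, and the function names are hypothetical.

```python
import posixpath
import re

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sda1 / ext4 rw,seclabel 0 0
udev /dev devtmpfs rw,seclabel 0 0
sysfs /sys sysfs rw,seclabel 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,seclabel 0 0
cgroup /sys/fs/cgroup cgroup rw 0 0
"""


def parse_mounts(text):
    """Return {mount_point: fstype}; a later entry on the same point wins."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        # /proc/mounts writes space, tab, newline and backslash as \ooo octal.
        point = re.sub(r"\\([0-7]{3})",
                       lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts[point] = fields[2]
    return mounts


def classify(path, mounts):
    """Return (fstype, is_mount_root) for the filesystem that holds `path`."""
    path = posixpath.normpath(path)
    best = "/"
    for point in mounts:
        # Match whole path components only, so /dev/hugepagesX is not
        # treated as living under /dev/hugepages.
        inside = path == point or path.startswith(point.rstrip("/") + "/")
        if inside and len(point) >= len(best):
            best = point
    return mounts.get(best), path == best


if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for p in ("/dev/hugepages", "/sys/fs/cgroup",
              "/lib/udev/devices/hugepages", "/dev/null"):
        fstype, is_root = classify(p, table)
        kind = "mount root" if is_root else "entry in parent filesystem"
        print(f"{p}: {fstype} ({kind})")
```

On a live system, pass the contents of /proc/mounts instead of the sample and compare the result with `ls -Zd` on the same paths.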