On Tue, 2012-05-01 at 08:55 +0100, Frank Murphy wrote: > On 30/04/12 18:24, Daniel J Walsh wrote: > > > > > Yes please open a bug on systemd to check if a context is the same as the > > context it is going to set, and then don't set it. > > > > https://bugzilla.redhat.com/show_bug.cgi?id=817765 > > The avc denials you enclosed in that bz do not support the bug. They only have the "relabelfrom" and not the "relabelto" ones: [ 8.566136] type=1400 audit(1335687882.859:7): avc: denied { relabelfrom } for pid=489 comm="systemd-tmpfile" name="lp2" dev="devtmpfs" ino=11419 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file [ 8.588374] type=1400 audit(1335687882.881:8): avc: denied { relabelto } for pid=489 comm="systemd-tmpfile" name="lp2" dev="devtmpfs" ino=11419 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file The above shows the issue -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
