Hi Dan, Thanks for including this into the base policy. How can we track the back port to RHEL6. And do you have a timeframe as to when it will get back ported to RHEL6. Thanks, Anamitra On 10/19/12 3:45 AM, "Daniel J Walsh" <dwalsh@xxxxxxxxxx> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 10/18/2012 03:49 PM, Anamitra Dutta Majumdar (anmajumd) wrote: >> Hi Stephen, >> >> Alternatively can we set the filesystem type to start with? So that the >> initial label is not unlabeled_t. If so where can we do this? >> >> Thanks, Anamitra >> >> On 10/18/12 12:44 PM, "Stephen Smalley" <sds@xxxxxxxxxxxxx> wrote: >> >>> On 10/18/2012 03:36 PM, Anamitra Dutta Majumdar (anmajumd) wrote: >>>> Hi Stephen, >>>> >>>> In the dmesg output we see the following selinux messages. >>>> >>> <snip> >>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint >>>>labeling >>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint >>>>labeling >>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint >>>>labeling >>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint >>>>labeling >>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint >>>>labeling >>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint >>>>labeling >>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling >>> >>> I assume that dbcfs is the relevant filesystem? So you are using >>> mountpoint labeling, i.e. passing context= to the mount command with a >>> specific security context to use, and the policy doesn't know anything >>> about this filesystem type. So its initial label is unlabeled_t, and >>>by >>> passing a context= option, you are triggering a relabelfrom check to >>>see >>> if the mount program is authorized to set the context. You can just >>> allow it in your policy. Should have been present even in RHEL5, I >>> think. >>> >>> >> >> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux >> >I just added > >allow mount_t unlabeled_t:filesystem relabelfrom; > >To Fedora 18. Having Miroslav back port to RHEL6 and RHEL5. >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.12 (GNU/Linux) >Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > >iEYEARECAAYFAlCBL2cACgkQrlYvE4MpobOgTwCg6uHLbb2vAECUNzZ0w3cUXxOH >iyoAn2XTMuAGWk2rNVKo3eZgFXnT0U+H >=9LVr >-----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
