On 10/19/2012 12:13 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
> Hi Dan,
>
> Thanks for including this into the base policy. How can we track the back
> port to RHEL6. And do you have a timeframe as to when it will get back
> ported to RHEL6.
>
> Thanks, Anamitra
>

It will be in RHEL6.4

It is in selinux-policy-3.7.19-174.el6

Preview is available on http://people.redhat.com/dwalsh/SELinux/noarch

> On 10/19/12 3:45 AM, "Daniel J Walsh" <dwalsh@xxxxxxxxxx> wrote:
>
> On 10/18/2012 03:49 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>>>> Hi Stephen,
>>>>
>>>> Alternatively can we set the filesystem type to start with? So that
>>>> the initial label is not unlabeled_t. If so where can we do this?
>>>>
>>>> Thanks, Anamitra
>>>>
>>>> On 10/18/12 12:44 PM, "Stephen Smalley" <sds@xxxxxxxxxxxxx> wrote:
>>>>
>>>>> On 10/18/2012 03:36 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>>>>>> Hi Stephen,
>>>>>>
>>>>>> In the dmesg output we see the following selinux messages.
>>>>>>
>>>>> <snip>
>>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>>>>>
>>>>> I assume that dbcfs is the relevant filesystem? So you are using
>>>>> mountpoint labeling, i.e. passing context= to the mount command
>>>>> with a specific security context to use, and the policy doesn't
>>>>> know anything about this filesystem type. So its initial label is
>>>>> unlabeled_t, and by passing a context= option, you are triggering a
>>>>> relabelfrom check to see if the mount program is authorized to set
>>>>> the context. You can just allow it in your policy. Should have
>>>>> been present even in RHEL5, I think.
>>>>>
>>>>>
>>>>
>>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>
> I just added
>
> allow mount_t unlabeled_t:filesystem relabelfrom;
>
> To Fedora 18. Having Miroslav back port to RHEL6 and RHEL5.
>