Hi,

Debian Etch, refpolicy HEAD, udev produces the following during startup (udevsettle) while creating symlinks into /dev/disk/by-uuid/...:

audit(1195744042.060:3): avc: denied { relabelfrom } for pid=836 comm="udevd" name="44517f56-2445-4330-bce7-5168aa534c1c" dev=tmpfs ino=1646 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=lnk_file
audit(1195744042.060:4): avc: denied { relabelto } for pid=836 comm="udevd" name="44517f56-2445-4330-bce7-5168aa534c1c" dev=tmpfs ino=1646 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=lnk_file

The attached patch solves this. Can it be merged into refpolicy, please?

-- 
Zito
Index: policy/modules/system/udev.te =================================================================== --- policy/modules/system/udev.te (revision 2530) +++ policy/modules/system/udev.te (working copy) @@ -96,6 +96,7 @@ dev_delete_generic_files(udev_t) dev_search_usbfs(udev_t) dev_relabel_all_dev_nodes(udev_t) +dev_relabel_generic_symlinks(udev_t) domain_read_all_domains_state(udev_t) domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
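Review bot: the added dev_relabel_generic_symlinks(udev_t) line in the hunk at udev.te line 96 relies on an interface that this patch does not define. The diff touches only policy/modules/system/udev.te, so please confirm that the devices module already provides it and that it grants both relabelfrom and relabelto on device_t lnk_file, the two permissions shown in the quoted denials. A short comment above the line saying it covers the /dev/disk/by-uuid symlinks udev creates would match the "#pidof triggers these" comment in the trailing context and record why the rule exists.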