After already receiving some help with my newrole problem, I have run into the next problem. It does not appear when I compile the policy as a standard policy, but I run into it when I build an MLS policy.

The problem I have is that device-mapper throws a security transition error (which, by the way, does not appear in audit2allow, but only shows during boot and in dmesg). The reason for that is, as I believe, that my /dev is labeled as tmpfs_t, which is not the right label. Manually relabeling it doesn't help; on the next reboot, when udev starts its magic, it gets turned into tmpfs_t again. This problem of course prevents me from booting into enforcing mode when using MLS.

Does anybody know where this problem is? Is it udev? I already compiled it with SELinux support, but /dev is always tmpfs_t. As said, I suspect udev here, but of course I might be wrong.