Stephen Smalley wrote: > On file creation, there is an associate check between the security > context of the file and the security context of the containing > filesystem. Is there anything I could read up to understand this mechanism? > In your particular case though the real issue is that you > have an unlabeled filesystem type that needs a genfscon or fs_use rule > added to your policy. Look for a log message that says something along > the lines of: > SELinux: initialized (dev ..., type ...), not configured for labeling [ 2.780406] SELinux: initialized (dev devtmpfs, type devtmpfs), not configured for labeling I think this is the new kernel-make dev filesystem that appears in .32 or so. So I need to recompile the base module to use transition SIDs, like on normal tmpfs, right? Regards, Michal Svoboda
Attachment:
pgpXZ6enubWwz.pgp
Description: PGP signature
