-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/01/2010 12:08 PM, Stephen Smalley wrote:
> On Tue, Aug 31, 2010 at 4:51 PM, Eric Paris <eparis@xxxxxxxxxx> wrote:
>> On Tue, 2010-08-31 at 21:32 +0200, Kay Sievers wrote:
>>> On Tue, Aug 31, 2010 at 17:49, Harald Hoyer <harald@xxxxxxxxxx> wrote:
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=575128#c14
>>>> https://bugzilla.redhat.com/attachment.cgi?id=442223&format=raw
>>>>
>>>> udev/udev-node.c
>>>>
>>>> + /* set selinux file context on add events */
>>>> + if (strcmp(udev_device_get_action(dev), "add") == 0)
>>>> + udev_selinux_lsetfilecon(udev, file, mode);
>>>
>>> I can't access these bugs.
>>>
>>> Does that make sense/work for you?
>>> http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=326c5fc3ea684825629eccaf33a548759162a539
>>>
>>> Kay
>>
>> I asked Harald (but he wasn't around and I don't know the answer) if it is
>> a problem that this changes the behavior of non "add" events.
>> Previously a non "add" event with an incorrect mask/uid/gid would have
>> reset the SELinux context but now it will not. It fixes the issue at
>> hand, my boxes boot with everything labeled nicely, but I'm not sure if
>> there is some other corner case that expected the old behavior with
>> change events....
>
> Maybe we should back up and ask the udev folks how they think libvirt
> labeling should be done so as to not conflict with udev labeling, e.g.
> should libvirt be going through udev to assign the labels.
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
>
>
Well I guess I would not want someone chcon a device and then udev fixing the label. Especially on MLS machines.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx+rQMACgkQrlYvE4MpobPAkQCgt93hFUhnv9wJONN+VN62L5c5
KzYAoKbijORf9iDwDazubFJOmAux/8wY
=BbqG
-----END PGP SIGNATURE-----
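
Review bot: In the quoted udev/udev-node.c hunk, the result of udev_device_get_action(dev) is passed straight to strcmp() with no NULL check; libudev returns NULL when a device has no action value, so fetch the action into a local and test it before comparing. The added comment also says only "on add events"; it should state that change and other non-add events now deliberately leave the existing file context untouched, since that is the behavior difference questioned in the replies.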