On Sun, Sep 5, 2010 at 8:30 AM, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> I've got a problem in Debian/Squeeze that /dev/xen/evtchn isn't being labeled.
> Running restorecon on /dev after boot gives it the right label, but by that
> time the Xen daemons have already got themselves in a state where not much
> less than a reboot will get them going again. So I decided to use the audit
> system to tell me what process creates the device node.

Are you using devtmpfs for /dev? If so it's probably

http://marc.info/?l=selinux&m=128295028600638&w=2

The solution is to update udev or use tmpfs instead of devtmpfs for /dev.

Separately, the fact that the device node file creation done by the kernel is not audited stumped me for a while too. I couldn't figure out how things were appearing in /dev. It's hard for me to decide how (or if) it should be audit'd since there is no task responsible to which one should attribute the audit message. The kernel is responsible....

-Eric
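A way to check which case applies on a given host, as an added example that is not part of the original message: it reads a mount table to see whether /dev is devtmpfs (kernel-created nodes) or tmpfs, and can dry-run restorecon to list mislabeled nodes. The function names are hypothetical and the sample mount tables are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Print the filesystem type currently visible at /dev, reading a table in
# /proc/mounts format from file $1 ("-" = stdin). Mounts can be stacked on
# /dev, so the last matching entry wins.
dev_fstype() {
    awk '$2 == "/dev" { t = $3 } END { print t }' "${1:-/proc/mounts}"
}

# Say who creates the device nodes for that filesystem type.
dev_populated_by() {
    case "$(dev_fstype "$1")" in
        devtmpfs) echo kernel ;;      # nodes appear with no task creating them
        tmpfs)    echo userspace ;;   # udev or an init script creates them
        "")       echo rootfs ;;      # /dev is not a separate mount
        *)        echo unknown ;;
    esac
}

# Dry run: list nodes under /dev whose label differs from policy.
# -n changes nothing, -v prints each path that would be relabeled.
list_mislabeled_dev() {
    restorecon -n -v -R /dev
}

# Constructed sample tables (not captured from a real system).
sample_devtmpfs() {
    printf '%s\n' \
        'rootfs / rootfs rw 0 0' \
        'devtmpfs /dev devtmpfs rw,relatime,mode=755 0 0' \
        'devpts /dev/pts devpts rw,relatime 0 0'
}
sample_tmpfs_over_devtmpfs() {
    sample_devtmpfs
    printf '%s\n' 'tmpfs /dev tmpfs rw,relatime,mode=755 0 0'
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    who=$(dev_populated_by /proc/mounts)
    echo "/dev populated by: $who"
    if [ "$who" = kernel ]; then
        list_mislabeled_dev
    fi
fi
```

Run with `--live` early in boot, before the Xen daemons start, to see whether /dev/xen/evtchn is among the nodes restorecon would relabel.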