Hello,

The genfscon policy statement has an argument "partial_path" which can be used to use specialized contexts for subpaths inside a file system. However, the documentation mentions that this can only be used for the proc filesystem. Is this really the case, and if yes, why? I'd like to use it for the sysfs.

The motivation for this is that both the Fedora and the Gentoo policy have cpu_online_t for /sys/devices/system/cpu/online, as this file is accessed by all applications linked to a recent glibc and therefore needs wider access permissions than the normal sysfs_t. Currently, the context is changed at startup via an init script, which is a bit of a hack. It would be neat if a genfscon statement could be used for that.

Is this currently possible or would it require changes to the kernel and/or the selinux libraries?

Regards,
Luis Ressel
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.