On Wed, Aug 26, 2015 at 6:47 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
With devtmpfs, the kernel itself automatically populates and maintains a
device node tree. The claim is that this provides you with a working
/dev tree before udev comes up, and that you can even dispense with
running udev entirely on simple systems (e.g. embedded). However, it
seems like everyone continues to run udev on top of devtmpfs in Linux
distributions.
The problem of course is that the kernel has no clue how to label the
device nodes, so it is still necessary to have udev or ueventd handle
that. And with the kernel creation of the device nodes, we then have a
race condition where the device node briefly exists in the wrong, most
likely inaccessible label.
Do you know how other standard DAC permissions are configured by the kernel? The kernel must have some knowledge of how to set the UID/GID/perms/etc...
-- Nick
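The window Stephen describes, where a kernel-created node sits in the generic devtmpfs label until udev or ueventd relabels it, is something a defender can audit for after boot. The following is an added example, not part of the thread: it compares device-node contexts (a constructed `stat -c '%n|%F|%C'` listing) against a constructed file_contexts fragment and reports nodes still carrying a type the policy does not expect.

```python
import re

# Constructed file_contexts fragment (not a real policy); last matching entry wins.
FILE_CONTEXTS = """\
/dev(/.*)?          system_u:object_r:device_t:s0
/dev/null       -c  system_u:object_r:null_device_t:s0
/dev/zero       -c  system_u:object_r:zero_device_t:s0
/dev/sd[a-z].*  -b  system_u:object_r:fixed_disk_device_t:s0
"""

# Constructed output of `stat -c '%n|%F|%C' /dev/*`; /dev/zero and /dev/sda
# still carry the generic device_t label they were created with.
STAT_LINES = """\
/dev/null|character special file|system_u:object_r:null_device_t:s0
/dev/zero|character special file|system_u:object_r:device_t:s0
/dev/sda|block special file|system_u:object_r:device_t:s0
"""

# stat(1) %F wording -> file_contexts type flag
STAT_TYPE_TO_FLAG = {"character special file": "-c", "block special file": "-b",
                     "directory": "-d", "regular file": "--",
                     "symbolic link": "-l", "socket": "-s", "fifo": "-p"}

def parse_file_contexts(text):
    """Return [(compiled regex, type flag or None, context)] in file order."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        pattern, flag, context = fields if len(fields) == 3 else (fields[0], None, fields[1])
        specs.append((re.compile(pattern), flag, context))
    return specs

def expected_context(path, flag, specs):
    """Last matching entry wins; None when nothing matches or it is <<none>>."""
    found = None
    for regex, spec_flag, context in specs:
        if regex.fullmatch(path) and spec_flag in (None, flag):
            found = context
    return None if found == "<<none>>" else found

def find_mislabeled(stat_output, specs):
    """List (path, actual type, expected type) for nodes whose type differs."""
    bad = []
    for line in stat_output.splitlines():
        path, kind, context = line.split("|")
        expected = expected_context(path, STAT_TYPE_TO_FLAG.get(kind), specs)
        if expected and context.split(":")[2] != expected.split(":")[2]:
            bad.append((path, context.split(":")[2], expected.split(":")[2]))
    return bad
```

On a live system the same comparison is what `restorecon -nv /dev` performs against the installed policy; the script above only shows the matching logic on constructed input.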
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.