| 1 |
On Mon, 17 Feb 2014 19:24:51 +0000 |
| 2 |
Sven Vermeulen <swift@g.o> wrote: |
| 3 |
|
| 4 |
> The init script approach is what most distributions are doing. We also |
| 5 |
> relabel cpu/online in the selinux_gentoo init script. |
| 6 |
> |
| 7 |
> But the approach you mentioned on the other mailinglist (regarding |
| 8 |
> reusing the statement already in use for /proc stuff) seems like a |
| 9 |
> valid case - interesting to see what's going to happen ;) |
| 10 |
|
| 11 |
Yes, I'm trying to find better technical solutions than the init script |
| 12 |
approach, both for cpu_online_t and for the sysfs access. I've just |
| 13 |
written a kernel patch to make the sysfs gid configurable, let's see if |
| 14 |
grsecurity will incorporate it... |
| 15 |
|
| 16 |
|
| 17 |
Regards, |
| 18 |
Luis Ressel |
Archives