1 |
On Mon, 17 Feb 2014 19:24:51 +0000 |
2 |
Sven Vermeulen <swift@g.o> wrote: |
3 |
|
4 |
> The init script approach is what most distributions are doing. We also |
5 |
> relabel cpu/online in the selinux_gentoo init script. |
6 |
> |
7 |
> But the approach you mentioned on the other mailinglist (regarding |
8 |
> reusing the statement already in use for /proc stuff) seems like a |
9 |
> valid case - interesting to see what's going to happen ;) |
10 |
|
11 |
Yes, I'm trying to find better technical solutions than the init script |
12 |
approach, both for cpu_online_t and for the sysfs access. I've just |
13 |
written a kernel patch to make the sysfs gid configurable, let's see if |
14 |
grsecurity will incorporate it... |
15 |
|
16 |
|
17 |
Regards, |
18 |
Luis Ressel |