1 |
Mivz wrote: |
2 |
> Hello, |
3 |
> |
4 |
> In the SELinux handbook is noted that I should use use UDEV management |
5 |
> of /dev and no tar bal in /etc/conf.d/rc: |
6 |
> |
7 |
> RC_DEVICES="udev" |
8 |
> RC_DEVICE_TARBALL="no" |
9 |
> |
10 |
> But if configure my /dev like this, I loose al my security labels and |
11 |
> they always return to the standart device_t, which causes my system to |
12 |
> hang in enforcement mode. |
13 |
> I played around with them and noted that when I use static management |
14 |
> and do store /dev to a tarball it does work correct, but then other |
15 |
> programs start to misbehave, even when not in enforcement mode. For |
16 |
> exampke konsole hangs on startup. kwifimanager can't find su to edit |
17 |
> it's settings. If I return to udev management and no tarball, everything |
18 |
> works fine again, except for the security labels. |
19 |
> Does anyone no why udev does not work properly with securitylabels? |
20 |
> Should I file a bug report on this? |
21 |
Hello |
22 |
|
23 |
It looks like your static dev files (those are on root partition) are not |
24 |
labeled. Try to remount the dev part of the root partition on /dev and do the |
25 |
relabeling. |
26 |
|
27 |
That worked for me at least. |
28 |
|
29 |
-- |
30 |
|
31 |
[ Julius Loman ][ lomo@×××××××.net ][ http://lomo.kyberia.net ][ icq:35732873 ] |
32 |
-- |
33 |
gentoo-hardened@g.o mailing list |