| 1 |
Mivz wrote: |
| 2 |
> Hello, |
| 3 |
> |
| 4 |
> In the SELinux handbook is noted that I should use use UDEV management |
| 5 |
> of /dev and no tar bal in /etc/conf.d/rc: |
| 6 |
> |
| 7 |
> RC_DEVICES="udev" |
| 8 |
> RC_DEVICE_TARBALL="no" |
| 9 |
> |
| 10 |
> But if configure my /dev like this, I loose al my security labels and |
| 11 |
> they always return to the standart device_t, which causes my system to |
| 12 |
> hang in enforcement mode. |
| 13 |
> I played around with them and noted that when I use static management |
| 14 |
> and do store /dev to a tarball it does work correct, but then other |
| 15 |
> programs start to misbehave, even when not in enforcement mode. For |
| 16 |
> exampke konsole hangs on startup. kwifimanager can't find su to edit |
| 17 |
> it's settings. If I return to udev management and no tarball, everything |
| 18 |
> works fine again, except for the security labels. |
| 19 |
> Does anyone no why udev does not work properly with securitylabels? |
| 20 |
> Should I file a bug report on this? |
| 21 |
Hello |
| 22 |
|
| 23 |
It looks like your static dev files (those are on root partition) are not |
| 24 |
labeled. Try to remount the dev part of the root partition on /dev and do the |
| 25 |
relabeling. |
| 26 |
|
| 27 |
That worked for me at least. |
| 28 |
|
| 29 |
-- |
| 30 |
|
| 31 |
[ Julius Loman ][ lomo@×××××××.net ][ http://lomo.kyberia.net ][ icq:35732873 ] |
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives