1 |
Julius Loman wrote: |
2 |
|
3 |
> Mivz wrote: |
4 |
> |
5 |
>> Hello, |
6 |
>> |
7 |
>> In the SELinux handbook is noted that I should use use UDEV |
8 |
>> management of /dev and no tar bal in /etc/conf.d/rc: |
9 |
>> |
10 |
>> RC_DEVICES="udev" |
11 |
>> RC_DEVICE_TARBALL="no" |
12 |
>> |
13 |
>> But if configure my /dev like this, I loose al my security labels and |
14 |
>> they always return to the standart device_t, which causes my system |
15 |
>> to hang in enforcement mode. |
16 |
>> I played around with them and noted that when I use static management |
17 |
>> and do store /dev to a tarball it does work correct, but then other |
18 |
>> programs start to misbehave, even when not in enforcement mode. For |
19 |
>> exampke konsole hangs on startup. kwifimanager can't find su to edit |
20 |
>> it's settings. If I return to udev management and no tarball, |
21 |
>> everything works fine again, except for the security labels. |
22 |
>> Does anyone no why udev does not work properly with securitylabels? |
23 |
>> Should I file a bug report on this? |
24 |
> |
25 |
> Hello |
26 |
> |
27 |
> It looks like your static dev files (those are on root partition) are |
28 |
> not labeled. Try to remount the dev part of the root partition on /dev |
29 |
> and do the relabeling. |
30 |
> |
31 |
> That worked for me at least. |
32 |
> |
33 |
It was not the labels of the static part. I forgot to remerge udev after |
34 |
upgrading this system to SELinux. |
35 |
Tanx anyway. |
36 |
-- |
37 |
gentoo-hardened@g.o mailing list |