| 1 |
Julius Loman wrote: |
| 2 |
|
| 3 |
> Mivz wrote: |
| 4 |
> |
| 5 |
>> Hello, |
| 6 |
>> |
| 7 |
>> In the SELinux handbook is noted that I should use use UDEV |
| 8 |
>> management of /dev and no tar bal in /etc/conf.d/rc: |
| 9 |
>> |
| 10 |
>> RC_DEVICES="udev" |
| 11 |
>> RC_DEVICE_TARBALL="no" |
| 12 |
>> |
| 13 |
>> But if configure my /dev like this, I loose al my security labels and |
| 14 |
>> they always return to the standart device_t, which causes my system |
| 15 |
>> to hang in enforcement mode. |
| 16 |
>> I played around with them and noted that when I use static management |
| 17 |
>> and do store /dev to a tarball it does work correct, but then other |
| 18 |
>> programs start to misbehave, even when not in enforcement mode. For |
| 19 |
>> exampke konsole hangs on startup. kwifimanager can't find su to edit |
| 20 |
>> it's settings. If I return to udev management and no tarball, |
| 21 |
>> everything works fine again, except for the security labels. |
| 22 |
>> Does anyone no why udev does not work properly with securitylabels? |
| 23 |
>> Should I file a bug report on this? |
| 24 |
> |
| 25 |
> Hello |
| 26 |
> |
| 27 |
> It looks like your static dev files (those are on root partition) are |
| 28 |
> not labeled. Try to remount the dev part of the root partition on /dev |
| 29 |
> and do the relabeling. |
| 30 |
> |
| 31 |
> That worked for me at least. |
| 32 |
> |
| 33 |
It was not the labels of the static part. I forgot to remerge udev after |
| 34 |
upgrading this system to SELinux. |
| 35 |
Tanx anyway. |
| 36 |
-- |
| 37 |
gentoo-hardened@g.o mailing list |
Archives