| 1 |
> I'm on the 2006.1 unstable profile for selinux and think I may have a |
| 2 |
> race condition that results in avc denials before selinux has finished |
| 3 |
> labeling things like /dev. For example, the first denial below appears |
| 4 |
> to be where /etc/hotplug.d/default/default.hotplug is peeking and poking |
| 5 |
> around with /dev/null. The denial has it as a system_u:object_r:file_t, |
| 6 |
> but when I look at it from a running system I see it as a |
| 7 |
> system_u:object_r:null_device_t. |
| 8 |
Please check if your root-filesystem still contains a (static) /dev |
| 9 |
populated with incorrectly labeled device files. When the system boots, |
| 10 |
these files are "those that matter" until the scripts come into play and |
| 11 |
"overmount" /dev with tmpfs and create properly labeled device-files. |
| 12 |
My static /dev contains only /dev/console and /dev/null on disk and boots. |
| 13 |
|
| 14 |
greets |
| 15 |
Joern |
| 16 |
-- |
| 17 |
gentoo-hardened@g.o mailing list |
Archives