[Pkg-sysvinit-devel] Bug#626725: Bug#626725: initscripts: Needs to set SELinux labels for /run
Martin Orr
martin at martinorr.name
Mon May 23 20:55:49 UTC 2011
On Sun, May 15, 2011 at 11:47:46AM -0300, Henrique de Moraes Holschuh wrote:
> Don't we also need tmpfs with support for security attributes, for it to
> work (i.e. for labels to work inside /run)? Does squeeze 2.6.32 support
> such labelling?
Yes. I tested this with the squeeze kernel (and patched refpolicy) and it works fine:
martin at claudius:~$ uname -a
Linux claudius 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux
martin at claudius:~$ mount | grep /run
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=755,size=10%,mode=755)
tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,size=20%,mode=1777,size=20%,mode=1777)
martin at claudius:~$ ls -Z /run
system_u:object_r:crond_var_run_t:s0 atd.pid
system_u:object_r:audisp_var_run_t:s0 audispd_events
system_u:object_r:auditd_var_run_t:s0 auditd.pid
system_u:object_r:clamd_var_run_t:s0 clamav
system_u:object_r:courier_var_run_t:s0 courier
system_u:object_r:crond_var_run_t:s0 crond.pid
system_u:object_r:crond_var_run_t:s0 crond.reboot
system_u:object_r:system_dbusd_var_run_t:s0 dbus
system_u:object_r:dhcpc_var_run_t:s0 dhclient.wlan0.pid
system_u:object_r:var_run_t:s0 kdm
system_u:object_r:xdm_var_run_t:s0 kdm.pid
system_u:object_r:var_lock_t:s0 lock
system_u:object_r:initrc_var_run_t:s0 motd
system_u:object_r:restorecond_var_run_t:s0 restorecond.pid
system_u:object_r:syslogd_var_run_t:s0 rsyslogd.pid
system_u:object_r:var_run_t:s0 sendsigs.omit.d
system_u:object_r:tmpfs_t:s0 shm
system_u:object_r:initrc_var_run_t:s0 smartd.pid
system_u:object_r:device_t:s0 udev
system_u:object_r:initrc_var_run_t:s0 utmp
system_u:object_r:NetworkManager_var_run_t:s0 wpa_supplicant
system_u:object_r:NetworkManager_var_run_t:s0 wpa_supplicant.wlan0.pid
system_u:object_r:xdm_var_run_t:s0 xauth
system_u:object_r:xdm_var_run_t:s0 xdmctl
--
Martin Orr
More information about the Pkg-sysvinit-devel
mailing list