[Pkg-xen-devel] Bug#597403: Bug#597403: Bug#597403: xen-utils-common: need to run restorecon in /etc/init.d/xend on SE Linux systems
Bastian Blank
waldi at debian.org
Sun Sep 19 15:17:40 UTC 2010
tags 597403 wontfix
thanks
On Mon, Sep 20, 2010 at 12:55:35AM +1000, Russell Coker wrote:
> On Mon, 20 Sep 2010, Bastian Blank <waldi at debian.org> wrote:
> > Please check if there is still a mknod permission for Xen related parts
> > in the selinux policy.
> There is still mknod. Not sure if it's needed though, I'll have to check.
At least not from anything in Squeeze.
> > My interpretation is: udev needs to change the context for already
> > existing files the same way it does with the DAC permissions. udev
> > _still_ gets its hands on the devices, otherwise all the permissions
> > would be wrong.
> Device nodes that existed prior to udev starting are correctly labeled. It's
> the ones that appear unexpectedly that cause this problem.
Kay acknowledged this as a bug in udev. See the referenced thread for a
patch.
> > If selinux can't cope with devtmpfs, don't use it.
> How do I not use devtmpfs?
Ask udev/initramfs-tools not to use it.
> > As you don't seem to know that, please discuss that under
> > mass-bug-filing rules. Also you have to discuss that with the release
> > team, we are in deep freeze right now.
> Having done a reasonable amount of testing and not discovered any other such
> packages and having not seen any reference to the same problem in other
> packages by the Red Hat people it seems unlikely that there will be many bug
> reports needed.
Sorry, I have to decline before you did that. The change proposed by you
invalidates parts of the udev behaviour.
Bastian
--
Extreme feminine beauty is always disturbing.
-- Spock, "The Cloud Minders", stardate 5818.4