[DSE-Dev] Bug#849637: not policy bugs
Laurent Bigonville
bigon at debian.org
Sat Jan 7 10:43:09 UTC 2017
Le 07/01/17 à 07:21, Russell Coker a écrit :
> On Friday, 6 January 2017 2:09:13 PM AEDT Laurent Bigonville wrote:
>> I just retested myself and it's working with the kernel from unstable
>> (apparently you need >= 4.2) and the following line:
>>
>> genfscon sysfs /devices/system/cpu/online
>> gen_context(system_u:object_r:cpu_online_t,s0)
>>
>> So yes it can be solved in the policy.
> I just tried it again with that line in devices.te with kernel 4.8 and it
> didn't work for me. Please send me a patch of exactly what you used.
>
I'm using the refpolicy with this patch above it.
kernel from unstable: Linux fornost 4.8.0-2-amd64 #1 SMP Debian 4.8.11-1
(2016-12-02) x86_64 GNU/Linux
I tried to load the policy from the initramfs to be sure nothing was
calling restorecon and it still works.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-genfscon-to-label-sys-devices-system-cpu-online-.patch
Type: text/x-patch
Size: 1040 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20170107/276ce8df/attachment.bin>
More information about the SELinux-devel
mailing list