[systemd-devel] Systemd is causing mislabeled devices to be created and then attempting to read them.
Daniel J Walsh
dwalsh at redhat.com
Wed Aug 4 07:49:20 PDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/04/2010 05:54 AM, Lennart Poettering wrote:
> On Wed, 28.07.10 09:39, Daniel J Walsh (dwalsh at redhat.com) wrote:
>
>> Here is the updated patch with a fix for the labeling of /dev/autofs
>
> Patch applied and in v5.
>
> I have rearranged some things a little bit, and made one change which I
> think is kinda important:
>
>> +
>> +#if HAVE_SELINUX
>> + if (use_selinux()) {
>> + label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
>> + if (label_hnd != 0) {
>
> I turned this around, i.e. "if (!label_hnd)".
>
>> + log_error("Failed to initialize SELinux Context ");
>> + r = (security_getenforce() == 1) ? -errno: 0;
>> + }
>> + }
>> +#endif
>
> Hope that change makes sense?
>
> Lennart
>
Definitely. I will fix up policy to work with this and hopefully people
will be able to boot systemd in enforcing mode.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxZffAACgkQrlYvE4MpobOwtACgwMKViCUMxxYK77jKeOvkc+Ff
NwoAoMlLsIArBHuewh/r+XP/dSl4pq+O
=9Qw+
-----END PGP SIGNATURE-----
More information about the systemd-devel
mailing list