[systemd-devel] Systemd is causing mislabeled devices to be created and then attempting to read them.

Daniel J Walsh dwalsh at redhat.com
Wed Aug 4 07:49:20 PDT 2010


On 08/04/2010 05:54 AM, Lennart Poettering wrote:
> On Wed, 28.07.10 09:39, Daniel J Walsh (dwalsh at redhat.com) wrote:
> 
>> Here is the updated patch with a fix for the labeling of /dev/autofs
> 
> Patch applied and in v5.
> 
> I have rearranged some things a little bit, and made one change which I
> think is kinda important:
> 
>> +
>> +#if HAVE_SELINUX
>> +	if (use_selinux()) {
>> +		label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
>> +		if (label_hnd != 0) {
> 
> I turned this around, i.e. "if (!label_hnd)". 
> 
>> +			log_error("Failed to initialize SELinux Context ");
>> +			r = (security_getenforce() == 1) ? -errno: 0;
>> +		}
>> +	}
>> +#endif
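
Review bot: on the `r = (security_getenforce() == 1) ? -errno: 0;` line, errno is read only after log_error() has run, and that call can overwrite it, so the value returned may not be the selabel_open() failure code (it could even be 0, which would hide the failure in enforcing mode). Save errno into a local immediately after selabel_open() returns and use that copy. The same line also treats a security_getenforce() return of -1 (its error case) as permissive, so a failure to read the enforcing state lets startup continue without a label handle; consider testing for `!= 0` or handling -1 explicitly. The log message would also be more useful with the error string appended instead of the trailing space.
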
> 
> Hope that change makes sense?
> 
> Lennart
> 
Definitely.  I will fix up policy to work with this and hopefully people
will be able to boot systemd in enforcing mode.