[systemd-devel] Systemd is causing mislabeled devices to be created and then attempting to read them.
Kay Sievers
kay.sievers at vrfy.org
Tue Jul 27 00:12:07 PDT 2010
On Mon, Jul 26, 2010 at 22:42, Daniel J Walsh <dwalsh at redhat.com> wrote:
> comm="systemd" name="autofs" dev=devtmpfs ino=9482
> scontext=system_u:system_r:init_t:s0
> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>
> Lennart, we talked about this earlier. I think this is caused by the
> modprobe calls to create /dev/autofs. Since udev is not created at the
> point that init loads the kernel modules, the devices get created with
> the wrong label. Once udev starts the labels get fixed.
>
> I can allow init_t to read device_t chr_files.
Yeah, we need to allow systemd somehow to access the plain
kernel-created devices. We don't want to wait for udev to have set-up
the entire /dev.
It could be possible, that we might need this for f few other services
too, that want to access things before udev has finished. So if it's
possible, we just might want systemd to set the right context in these
few cases, before accessing the node?
Thanks,
Kay
More information about the systemd-devel
mailing list