[systemd-devel] Fix systemd-udev labeling of /var/run directory.
Daniel J Walsh
dwalsh at redhat.com
Thu May 31 03:54:31 PDT 2012
On 05/30/2012 08:27 PM, Lennart Poettering wrote:
> On Wed, 30.05.12 23:32, Lennart Poettering (lennart at poettering.net) wrote:
>
>>
>> On Wed, 30.05.12 16:13, Daniel J Walsh (dwalsh at redhat.com) wrote:
>>
>>> + const char *prefixes[] = { "/dev", "/var/run", NULL };
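Review bot: the "/var/run" entry in prefixes[] has no comment saying why it is spelled /var/run rather than /run, which is the first thing the review reply asks about and the kind of string a later cleanup would rewrite. Suggest a one-line comment above the array stating that the prefix has to match the path spelling the SELinux policy patterns are written with.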
>>
>> Is there a reason this mentions /var/run and not /run?
>>
>> Otherwise looks good to me!
>
> I have now committed the patch but took the liberty to change /var/run to
> /run here.
>
> Lennart
>
Yes, it has to be /var/run. The policy is all written with the upstream
/var/run patterns, not /run.

# matchpathcon -p /run /run/udev
/run/udev system_u:object_r:default_t:s0
# matchpathcon -p /var/run /run/udev
/run/udev system_u:object_r:udev_var_run_t:s0

We have an equivalence match between /run -> /var/run,
but the library for loading the initial context does not take this into account.
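The two matchpathcon results in the message above can be reproduced with a small model. This is an added example, not code from the patch or from libselinux. The three policy entries are constructed, and the model assumes that the prefix is compared only against the literal first path component of each pattern at load time, while the /run -> /var/run equivalence is applied only to the path being looked up.

```c
/* Simplified model of prefix-limited label loading; not libselinux code. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

struct spec { const char *regex; const char *context; };
/* Constructed sample entries, ordered general to specific. */
static const struct spec policy[] = {
    { "/.*",                 "system_u:object_r:default_t:s0" },
    { "/dev/.*",             "system_u:object_r:device_t:s0" },
    { "/var/run/udev(/.*)?", "system_u:object_r:udev_var_run_t:s0" },
};
#define NSPEC (sizeof(policy) / sizeof(policy[0]))

/* Length of the literal first path component ("stem"), 0 if there is none. */
static size_t stem_len(const char *re)
{
    const char *slash = strchr(re + 1, '/');
    size_t len = slash ? (size_t)(slash - re) : 0;
    return strcspn(re, ".^$?*+|[({") < len ? 0 : len;
}

/* Label for path when only the entries under prefix were loaded. */
const char *lookup(const char *prefix, const char *path)
{
    char full[256], anchored[256];
    const char *result = "<<none>>";
    int in_run = !strncmp(path, "/run", 4) && (path[4] == '/' || !path[4]);
    /* Assumed equivalence rule: /run is rewritten to /var/run at lookup time. */
    snprintf(full, sizeof(full), "%s%s", in_run ? "/var" : "", path);
    for (size_t i = 0; i < NSPEC; i++) {
        regex_t re;
        size_t len = stem_len(policy[i].regex);
        if (len && strncmp(prefix, policy[i].regex, len))
            continue;           /* load step: stem disagrees with the prefix */
        snprintf(anchored, sizeof(anchored), "^(%s)$", policy[i].regex);
        if (regcomp(&re, anchored, REG_EXTENDED | REG_NOSUB))
            continue;
        if (!regexec(&re, full, 0, NULL, 0))
            result = policy[i].context;   /* last loaded match wins */
        regfree(&re);
    }
    return result;
}

int main(void)
{
    printf("%s\n%s\n", lookup("/run", "/run/udev"), lookup("/var/run", "/run/udev"));
}
```

With the prefix /run the /var/run/udev entry is never loaded, so only the catch-all entry is left to match.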