On Wed, 6 Mar 2002 00:23, Russell Coker wrote:
> I have hacked support for SE Linux into devfsd.
I have found one problem with my current code. devfsd wants to re-apply its
permissions to device nodes whenever it's restarted and whenever you do
"killall -1 devfsd" to tell it to reload its config.
During the course of a login session the SID of the pty device will change.
It starts as devpts_t, goes to sshd_devpts_t (for a ssh session - an
equivalent type for a non-ssh session), then goes to user_t (or an
appropriate type for the user).
So if devfsd is restarted when someone is logged in then the result is likely
to be a logout for them (which is tough if you've logged in to change the
devfsd config).
Currently I've got my devfsd config matching on ^pts$ and using domain
transition rules for the rest.
For the /dev/vc/* devices (devfs equivalent to /dev/tty[0-9]*) the only
solution I can think of right now is to have the devfs_contexts file specify
them.
Also this is not an issue that is restricted to SE Linux. Currently if I run
"killall -1 devfsd" it will be equivalent to "mesg n" for all users!
--
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.