On Wed, 6 Mar 2002 17:39, Richard Gooch wrote:
> > > I have hacked support for SE Linux into devfsd.
> >
> > I have found one problem with my current code. devfsd wants to
> > re-apply its permissions to device nodes whenever it's restarted
> > and whenever you do "killall -1 devfsd" to tell it to reload its
> > config.
>
> I'm open to (clean) suggestions on what to do about this. Perhaps a
> separate signal to reload the config file but don't generate the
> synthetic events?

Sounds reasonable.

> But before I make such a change, tell me why you're reloading the
> config file, but don't want to change permissions? Normally, you just
> send SIGHUP when /var is mounted (if that's where your permissions
> have been saved).

If you decide to change your policy or add support for some type of device
node that was not previously supported then you have to reload the config.
Changing the policy does not necessarily require that existing permissions
need to be changed.

> > Also this is not an issue that is restricted to SE Linux. Currently
> > if I run "killall -1 devfsd" it will be equivalent to "mesg n" for
> > all users!
>
> But in general devfsd should be configured to *not* touch permissions
> for PTYs, so this shouldn't be a problem. What are you doing?

The following is in my devfsd.conf to change the group of the pts devices to
group tty:

    REGISTER ^pts/.* PERMISSIONS -1.tty 0600

Is there any better way to do this?

--
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
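
The separate-signal idea discussed in this thread, as an added example that is not part of either message and is not devfsd code: a hypothetical daemon in which SIGHUP reloads the config and replays synthetic events, while SIGUSR1 (an assumed choice of signal) reloads the config only. The node table, modes and all function names are constructed for illustration.

```c
/* Hypothetical sketch, not devfsd source: every name below is invented. */
#include <signal.h>
#include <stdio.h>
#include <string.h>

struct node { const char *name; unsigned mode; };

/* Constructed state: the owner of pts/0 ran "mesg y" (group write set). */
static struct node nodes[] = { { "pts/0", 0620 }, { "pts/1", 0600 } };
static const unsigned rule_mode = 0600;  /* mode from the pts REGISTER rule */
static int config_generation = 0;        /* bumped on every config reload */

static volatile sig_atomic_t want_reload = 0, want_replay = 0;

/* Handlers only set flags; the real work happens in the main loop. */
static void on_sighup(int sig)  { (void)sig; want_reload = 1; want_replay = 1; }
static void on_sigusr1(int sig) { (void)sig; want_reload = 1; }

static void install_handlers(void)
{
    signal(SIGHUP, on_sighup);    /* reload config + synthetic events */
    signal(SIGUSR1, on_sigusr1);  /* reload config only (assumed signal) */
}

/* Called from the main loop: act on whatever signals have arrived. */
static void service_pending(void)
{
    if (want_reload) {
        want_reload = 0;
        config_generation++;      /* stands in for re-reading the config */
    }
    if (want_replay) {            /* synthetic REGISTER for existing nodes */
        want_replay = 0;
        for (size_t i = 0; i < sizeof nodes / sizeof nodes[0]; i++)
            if (strncmp(nodes[i].name, "pts/", 4) == 0)
                nodes[i].mode = rule_mode;  /* clears the "mesg y" bit */
    }
}

int main(void)
{
    install_handlers();
    raise(SIGUSR1); service_pending();
    printf("SIGUSR1: gen=%d pts/0=%04o\n", config_generation, nodes[0].mode);
    raise(SIGHUP);  service_pending();
    printf("SIGHUP:  gen=%d pts/0=%04o\n", config_generation, nodes[0].mode);
    return 0;
}
```
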