Re: NSA SE enabled devfsd

To: Richard Gooch <rgooch@xxxxxxxxxxxxxxx>
Subject: Re: NSA SE enabled devfsd
From: Russell Coker <russell@xxxxxxxxxxxx>
Date: Thu, 7 Mar 2002 13:33:35 +0100
Cc: devfs@xxxxxxxxxxx
In-reply-to: <200203070612.g276CgI22751@vindaloo.ras.ucalgary.ca>
References: <20020306121639.699FC2158@lyta.coker.com.au> <20020306191008.948291F082@lyta.coker.com.au> <200203070612.g276CgI22751@vindaloo.ras.ucalgary.ca>
Reply-to: Russell Coker <russell@xxxxxxxxxxxx>
Sender: owner-devfs@xxxxxxxxxxx
On Thu, 7 Mar 2002 07:12, Richard Gooch wrote:
> > > > > I have hacked support for SE Linux into devfsd.
> > > >
> > > > I have found one problem with my current code.  devfsd wants to
> > > > re-apply its permissions to device nodes whenever it's restarted
> > > > and whenever you do "killall -1 devfsd" to tell it to reload its
> > > > config.
> > >
> > > I'm open to (clean) suggestions on what to do about this. Perhaps a
> > > separate signal to reload the config file but don't generate the
> > > synthetic events?
> >
> > Sounds reasonable.
>
> OK. How about SIGUSR1? If you have a better signal, let me know.

Sounds fine, SIGUSR1 is free for whatever you want...

> > > > Also this is not an issue that is restricted to SE Linux.  Currently
> > > > if I run "killall -1 devfsd" it will be equivalent to "mesg n" for
> > > > all users!
> > >
> > > But in general devfsd should be configured to *not* touch permissions
> > > for PTYs, so this shouldn't be a problem. What are you doing?
> >
> > The following is in my devfsd.conf to change the group of the pts
> > devices to group tty:
> > REGISTER        ^pts/.*         PERMISSIONS     -1.tty  0600
> >
> > Is there any better way to do this?
>
> That's fine. In fact, this is sufficient:
> REGISTER        ^pts/         PERMISSIONS     -1.tty  0600
>
> and is actually the same, since "pts/" matches ^pts/.* and may be more
> efficient than having the trailing .* in the regexp.

True.  But I still have the issue of a restart changing the mode.

Maybe I should write a .so for managing pts/*?

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
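
Added example (not part of the original message and not devfsd source code): a small C model of the problem discussed above, where replaying the REGISTER rule on reload resets a pts node to 0600 and discards the group-write bit its owner set with "mesg y", while a reload that skips the replay leaves it alone. The struct node table, the function names and the replay flag are assumptions made for the illustration.

```c
/* Added illustration, not devfsd source: models REGISTER/PERMISSIONS replay. */
#include <regex.h>
#include <stdio.h>
#include <stddef.h>

struct node { const char *name; unsigned mode; };   /* constructed device entry */

/* Apply one "REGISTER <regex> PERMISSIONS ... <mode>" rule to every node, as a
 * replay of synthetic REGISTER events would. Returns nodes touched, -1 on bad regex. */
int apply_register(const char *pattern, unsigned mode, struct node *nodes, size_t n)
{
    regex_t re;
    int touched = 0;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (regexec(&re, nodes[i].name, 0, NULL, 0) == 0) {
            nodes[i].mode = mode;      /* overwrites whatever the tty owner set */
            touched++;
        }
    }
    regfree(&re);
    return touched;
}

/* Hypothetical reload entry point: replay=1 models the "killall -1" behaviour
 * described in the thread, replay=0 models the proposed reload-only signal. */
int reload_config(const char *pattern, unsigned mode, struct node *nodes, size_t n, int replay)
{
    return replay ? apply_register(pattern, mode, nodes, n) : 0;
}

/* Returns the mode of pts/0 after its owner runs "mesg y" and the daemon reloads. */
unsigned mode_after_reload(const char *pattern, int replay)
{
    struct node nodes[] = { {"pts/0", 0600}, {"pts/1", 0600}, {"tts/0", 0660} };
    nodes[0].mode |= 0020;             /* "mesg y": owner grants group tty write */
    reload_config(pattern, 0600, nodes, 3, replay);
    return nodes[0].mode;
}

int main(void)
{
    printf("replay:    %04o\n", mode_after_reload("^pts/", 1));
    printf("no replay: %04o\n", mode_after_reload("^pts/", 0));
    return 0;
}
```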
