
Re: base-files and /dev



On Wed, 2002-07-24 at 05:55, Bernd Eckenfels wrote:
> On Tue, Jul 23, 2002 at 09:09:54PM +0200, Russell Coker wrote:
> > Each file has to be labelled with an appropriate type before it can be used.
> 
> and how does it label what?

It reads from a config file with RegExps, like this:

/boot(|/.*)                     system_u:object_r:boot_t
/boot/System.map-.*             system_u:object_r:system_map_t
/dev(|/.*)                      system_u:object_r:device_t
/dev/MAKEDEV                    system_u:object_r:sbin_t
/dev/null                       system_u:object_r:null_device_t
/dev/zero                       system_u:object_r:zero_device_t

So a file /dev/xxx would get the label system_u:object_r:device_t.

(Note: While I am not sure I like this approach[1], I can't think of
anything better that meets the requirements, so for now it stays
<grin>).

I am not sure why re-labelling /dev with system_u:object_r:device_t is
a bad idea though.

I am guessing that Russell wants /dev to have a different label if it
is devfs, so you can make policy decisions like "dpkg is only allowed
to create nodes in /dev if it is not a devfs filesystem[2]".

In which case, I think you will need to make /dev a special case when
initially creating all labels on the filesystem, won't you?

Notes:
possible limitation with [1]; if a dpkg script does create a device on a
non-devfs /dev[2], it will have the wrong label...
-- 
Brian May <bam@snoopy.apana.org.au>
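
Added example (not part of the original message, and not the SELinux tools' own code): a small lookup over the six entries quoted above, showing which label a path receives. It assumes each regexp must match the whole path and that, when several entries match, the last one in the file wins; Python's re module stands in for the labelling tool's own regexp engine, and the function names are hypothetical.

```python
import re

# The entries quoted in the message above.
FILE_CONTEXTS = """\
/boot(|/.*)                     system_u:object_r:boot_t
/boot/System.map-.*             system_u:object_r:system_map_t
/dev(|/.*)                      system_u:object_r:device_t
/dev/MAKEDEV                    system_u:object_r:sbin_t
/dev/null                       system_u:object_r:null_device_t
/dev/zero                       system_u:object_r:zero_device_t
"""


def parse_specs(text):
    """Parse '<regexp> <context>' lines into [(compiled_regexp, context)]."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '<regexp> <context>'")
        specs.append((re.compile(fields[0]), fields[1]))
    return specs


def all_matches(path, specs):
    """Every context whose regexp matches the whole path, in file order."""
    # fullmatch anchors both ends, so /devices is not caught by /dev(|/.*)
    return [ctx for regex, ctx in specs if regex.fullmatch(path)]


def label_for(path, specs):
    """Context applied to path, or None if no entry matches."""
    matches = all_matches(path, specs)
    # Assumption: a later (more specific) entry overrides an earlier one.
    return matches[-1] if matches else None


if __name__ == "__main__":
    specs = parse_specs(FILE_CONTEXTS)
    # Constructed sample paths, chosen to exercise overlap and anchoring.
    for p in ("/dev", "/dev/xxx", "/dev/null", "/dev/nullx", "/devices",
              "/boot/System.map-2.4.18"):
        print(f"{p:28} {label_for(p, specs)}  (matched: {all_matches(p, specs)})")
```

Under these assumptions the order of the entries matters: moving the /dev(|/.*) line below /dev/null would label /dev/null as device_t.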

