Re: makedev stuff
On Sat, Jul 27, 2002 at 10:01:20PM -0400, Andres Salomon wrote:
> I took a quick look at the selinux package.. I'm not sure I completely
> understand, but I'm sure you'll correct me. :)
>
> Taking /dev/random from the file context stuff:
> /dev/random system_u:object_r:random_device_t
>
> echo "std mknod ... && chmod ... && data=$(grep "^/dev/random"
> .../types.fc" >> /etc/makedev.d/selinux
That looks good to me. This script could be dropped into place
by the selinux package.
All that is required is a script/macro/function/what-ever that runs
after the device has been created. This needs the filename of the new
device to be passed to it as a parameter.
Once the script is called with the filename it is trivial to
relabel it correctly.
If lots of devices need to be created at the same time, and this is
considered too slow to fork&exec each time, then the selinux script
could also cope with receiving a list of devices, and process them all
in the one setfiles call.
I think the time interval between when the device is created and gets
the correct label is not important, but Russell can correct me on that
point (or anything else) if I am wrong.
--
Brian May <bam@debian.org>
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: