SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: file_contexts patch This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Luke Kenneth Casson Leighton <lkcl_at_lkcl.net> Date: Sat, 17 Jul 2004 11:15:34 +0100 thomas, i note the addition of /var/run/usb here. is that because SuSE has modified the hotplug package to place state information in that directory? please advise, because i have raised a bug-request with the debian hotplug maintainers, and i believe that the upstream maintainers favour the use of /etc/hotplug/run rather than /var/run/something. the reason stated is because /var could be on a different partition that may not have been mounted (bearing in mind that /etc/init.d/mountall.sh is called first to mount local partitions, and hotplug is pretty much immediately next, and pretty much everything else is tertiary). personally i think that reason is not good enough, because if say you have /var on a firmware-based usb memory stick (requiring a hotplug-generated event to load the firmware), or /var is nfs-mounted over a firmware-based usb network card, then you're really asking for a lot of trouble. so, _if_ SuSE have made that decision, it would be good to know the reasoning and to have some way of arm-twisting the hotplug maintainers to a more sensible decision [that is FHS compliant aside from anything else]. l. On Fri, Jul 16, 2004 at 10:15:31PM +0200, Thomas Bleher wrote: > The attached patch adds some file_contexts and most importantly labels > libs under /opt correctly. > > Please apply. > > Thomas > > -- > http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages > GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7 > diff -urN orig/file_contexts/program/hotplug.fc mod/file_contexts/program/hotplug.fc > --- orig/file_contexts/program/hotplug.fc 2004-06-19 10:31:43.000000000 +0200 > +++ mod/file_contexts/program/hotplug.fc 2004-07-16 22:10:08.000000000 +0200 > @@ -5,4 +5,5 @@ > /etc/hotplug/.agent -- system_u:object_r:sbin_t* > /etc/hotplug/.rc -- system_u:object_r:sbin_t* > /etc/hotplug/hotplug.functions -- system_u:object_r:sbin_t > +/var/run/usb(/.)? system_u:object_r:hotplug_var_run_t* > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Sat 17 Jul 2004 - 06:04:44 EDT This message: [ Message body ] Next message: Luke Kenneth Casson Leighton: "installing openoffice.org-mimelnk gives access error to /tmp" Previous message: Russell Coker: "Re: file_contexts patch" In reply to: Thomas Bleher: "file_contexts patch" Next in thread: Thomas Bleher: "Re: file_contexts patch" Reply: Thomas Bleher: "Re: file_contexts patch" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom