Re: LVM and devfs_contexts (Was: your mail)

On Thu, 7 Feb 2002, Vanuxem wrote:

> Does anyone know if SElinux is working with LVM
> and how can I configure the devfs_context ???

We have not tried using LVM with SELinux, and offhand I don't know how it would interact with SELinux. Naturally, any new operations implemented by LVM won't be controlled by SELinux unless they happen to use the existing capable or permission interfaces for checking privileges/permissions.

We aren't using devfs ourselves, but the policy/devfs_contexts file does allow you to specify initial contexts for devfs entries if you are using it. The example file is fairly sketchy, so you are likely to need to specify a number of other devfs entries for a working system. Russell Coker has posted some additions that he found necessary to use it, e.g.:

	/vc	system_u:object_r:devtty_t
	/pts	system_u:object_r:devtty_t

After adding entries to devfs_contexts, you will need to reboot for them to take effect. Russell Coker might be working on changes to devfsd to dynamically manage the security contexts for devfs entries.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com






--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.