On Thu, 8 Nov 2001, Stephen Smalley wrote:

> In any event, this particular AVC denied message looks
> like it is being caused by a problem in the SELinux support for assigning
> security contexts to devfs entries, which is experimental and isn't being
> actively used by us. I'll have to look into it.

Hugo subsequently clarified via private email that he was using the old (pre-LSM) SELinux prototype. That prototype never supported assigning security contexts to devfs entries, so it isn't surprising that they show up as unlabeled_t, although it does look like there is a bug in the assignment of the security class. The devfs labeling support wasn't added until the 2nd release of the LSM-based SELinux prototype (the 9/26 release). However, as I mentioned above, even this support is experimental and isn't being actively used by us, so I don't know how well it will work for real devfs users.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com






--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.