On Sat, 19 Jan 2002 04:50, Stephen Smalley wrote:
> For filesystems that use the persistent label mapping (e.g. ext2, ext3,
> reiserfs), the label will set by the chsid call be retained across reboots
> since it is stored in that mapping. For pseudo filesystems like devfs,
> the label won't be retained across reboots unless you also add it to
> devfs_contexts, because there is no persistent storage of the label. So,
> if you want the labels to persist, you'll need to update devfs_contexts
> and then reboot.

Do you think it would make sense to have a SE version of devfsd that applied SE SID's at the same time as applying regular permissions to devfs managed device nodes? It makes sense to me to have both regular file system permissions and SE sids applied at the same time.

I could do the devfsd patch in a small amount of time if desired (I've written plenty of patches for devfsd already so I know the code reasonably well).

NB I've CC'd Richard Gooch to get his opinions on this matter.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.