
Bug 424359

Summary: Udev init script creates /run/udev/rules.d and /run/udev/data
Product: Gentoo Linux
Reporter: Sven Vermeulen (RETIRED) <swift>
Component: SELinux
Assignee: SE Linux Bugs <selinux>
Status: VERIFIED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: sec-policy r14
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 424173    

Description Sven Vermeulen (RETIRED) gentoo-dev 2012-07-01 11:46:42 UTC
The /etc/init.d/udev script creates /run/udev/rules.d and /run/udev/data, which should be labeled udev_tbl_t. However, no transition exists for these directories (from initrc_t) so they remain udev_var_run_t until they are relabeled.

We need to provide named file transitions for those two locations.

Reproducible: Always




Currently a discussion is ongoing on the refpolicy ML about the naming convention for such transitions.
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-03 19:28:42 UTC
Looks like this might need a major update (update all *_pid_filetrans to *_generic_pid_filetrans) which I'm in favor of. I'll try to do this in a gradual way (so at least first for udev so that we can have this fixed, then for all others).
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-10 18:56:52 UTC
Ok, will be in rev14. Seems that the "data" folder is created by udev, not by its init script.
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-10 19:37:23 UTC
In rev 14, available in hardened-dev overlay
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 15:05:06 UTC
Moved to main tree, ~arch'ed
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-30 16:37:35 UTC
Stabilized
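
The named file transitions requested in the description, written as a local refpolicy-style module. This is an added example, not the change that shipped in rev 14: the module name local_udev_run is hypothetical, and udev_t as the domain of the udev daemon (which comment 2 says creates "data") is an assumption.

```selinux
# Added example: hypothetical local module, not the Gentoo sec-policy fix.
policy_module(local_udev_run, 1.0)

gen_require(`
	type initrc_t, udev_t, udev_var_run_t, udev_tbl_t;
')

# Without a rule, a directory created inside /run/udev inherits the
# parent type (udev_var_run_t). A named transition keys on the creating
# domain, the parent type, the object class AND the final path
# component, so only these two names receive udev_tbl_t.

# rules.d is created by /etc/init.d/udev, which runs as initrc_t.
filetrans_pattern(initrc_t, udev_var_run_t, udev_tbl_t, dir, "rules.d")

# data is created by udev itself (assumed here to run as udev_t).
filetrans_pattern(udev_t, udev_var_run_t, udev_tbl_t, dir, "data")

# A transition only selects the new label; the creating domain still
# needs permission to create a directory of that type. udev_t is
# assumed to hold this already through the existing udev policy.
allow initrc_t udev_tbl_t:dir create_dir_perms;
```

A named transition takes effect only when the directory is created, so directories that already exist keep udev_var_run_t until they are relabeled (for example with restorecon -R /run/udev). Running ls -dZ /run/udev/rules.d /run/udev/data shows which type each directory currently carries.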