Date:	Wed, 01 Sep 2010 15:44:03 -0400
From:	Daniel J Walsh <dwalsh@...hat.com>
To:	Stephen Smalley <stephen.smalley@...il.com>
CC:	Eric Paris <eparis@...hat.com>, Kay Sievers <kay.sievers@...y.org>,
	Harald Hoyer <harald@...hat.com>, linux-kernel@...r.kernel.org,
	selinux@...ho.nsa.gov, greg@...ah.com, sds@...ho.nsa.gov
Subject: Re: selinux vs devtmpfs (vs udev)

On 09/01/2010 12:08 PM, Stephen Smalley wrote:
> On Tue, Aug 31, 2010 at 4:51 PM, Eric Paris <eparis@...hat.com> wrote:
>> On Tue, 2010-08-31 at 21:32 +0200, Kay Sievers wrote:
>>> On Tue, Aug 31, 2010 at 17:49, Harald Hoyer <harald@...hat.com> wrote:
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=575128#c14
>>>> https://bugzilla.redhat.com/attachment.cgi?id=442223&format=raw
>>>>
>>>> udev/udev-node.c
>>>>
>>>> +                       /* set selinux file context on add events */
>>>> +                       if (strcmp(udev_device_get_action(dev), "add") == 0)
>>>> +                               udev_selinux_lsetfilecon(udev, file, mode);
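Review bot: the return value of udev_device_get_action(dev) goes straight into strcmp() in the added condition, with no NULL check visible in these lines; if the action can be unset on this path, test it before comparing. The comment should also state why labeling is limited to "add" events, because with this guard any other event no longer reaches udev_selinux_lsetfilecon(udev, file, mode) here, so a context that is wrong after the initial add stays as it is.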
>>>
>>> I can't access these bugs.
>>>
>>> Does that make sense/work for you?
>>>   http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=326c5fc3ea684825629eccaf33a548759162a539
>>>
>>> Kay
>>
>> I asked Harald (but he wasn't around and I don't know the answer) if it is
>> a problem that this changes the behavior of non "add" events.
>> Previously a non "add" event with an incorrect mask/uid/gid would have
>> reset the SELinux context but now it will not.  It fixes the issue at
>> hand, my boxes boot with everything labeled nicely, but I'm not sure if
>> there is some other corner case that expected the old behavior with
>> change events....
> 
> Maybe we should back up and ask the udev folks how they think libvirt
> labeling should be done so as to not conflict with udev labeling, e.g.
> should libvirt be going through udev to assign the labels.
> 
Well, I guess I would not want someone to chcon a device and then have udev
fix the label.  Especially on MLS machines.