On Tue, Aug 31, 2010 at 4:51 PM, Eric Paris <eparis@redhat.com> wrote:
quoted text
> On Tue, 2010-08-31 at 21:32 +0200, Kay Sievers wrote:
>> On Tue, Aug 31, 2010 at 17:49, Harald Hoyer <harald@redhat.com> wrote:
>> > https://bugzilla.redhat.com/show_bug.cgi?id=575128#c14
>> > https://bugzilla.redhat.com/attachment.cgi?id=442223&format=raw
>> >
>> > udev/udev-node.c
>> >
>> > +                       /* set selinux file context on add events */
>> > +                       if (strcmp(udev_device_get_action(dev), "add") == 0)
>> > +                               udev_selinux_lsetfilecon(udev, file, mode);
>>
>> I can't access these bugs.
>>
>> Does that makes sense/work for you?
>>   http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=326c5fc3ea684825629ecca...
>>
>> Kay
>
> I ask Harald (but he wasn't around and I don't know the answer) if it is
> a problem that this changes the behavior of non "add" events.
> Previously a non "add" event with an incorrect mask/uid/gid would have
> reset the SELinux context but now it will not.  It fixes the issue at
> hand, my boxes boot with everything labeled nicely, but I'm not sure if
> there is some other corner case that expected the old behavior with
> change events....

Maybe we should back up and ask the udev folks how they think libvirt
labeling should be done so as to not conflict with udev labeling, e.g.
should libvirt be going through udev to assign the labels.
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/