On 11/03/2014 05:39 PM, Nick Kralevich wrote:
> Are there special rules regarding rootfs and file labels?
>
> Context:
>
> https://android-review.googlesource.com/112832
>
> This change defined the /cores directory, and assigned it, and all of its
> files, to be the coredump_file label.
>
> When the following sequence of commands is executed:
>
> $ adb root
> restarting adbd as root
> nnk@nnk:~$ adb shell mount -w -o remount -t rootfs rootfs
> nnk@nnk:~$ adb shell mkdir -p /cores
> nnk@nnk:~$ adb shell chmod 0777 /cores
> nnk@nnk:~$ adb shell restorecon -R /cores
> SELinux: Loaded file_contexts from /file_contexts
> nnk@nnk:~$ adb shell ls -ladZ /cores
> drwxrwxrwx root root u:object_r:coredump_file:s0 cores
> nnk@nnk:~$ adb shell ls -ladZ /cores/foo
> /cores/foo: No such file or directory
> nnk@nnk:~$ adb shell touch /cores/foo
> nnk@nnk:~$ adb shell ls -ladZ /cores/foo
> -rw-rw-rw- root root u:object_r:rootfs:s0 foo
>
> I see that "foo" is a rootfs file, not a coredump_file.
>
> It's clear I'm probably doing something wrong here, but I'm not quite sure
> what....

Can you mount a separate tmpfs on /cores instead? Then the usual label
inheritance will just work. rootfs is labeled via genfscon, and while we
did change the kernel to support changing labels on rootfs inodes via
setxattr(2) so that we can set specific labels on existing files, we did
not do anything to support label inheritance from parent directory on new
inode creation for rootfs.

Not sure you truly want to allow core dumping into the rootfs anyway; you
might want to cap the size of the memory used for the core dumps separately.
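
Added example, not part of the original message or of the Android tree: a small shell check that reads `ls -lZ` output and reports entries that did not pick up the expected SELinux type, which is the symptom shown in the quoted session. The function names, the sample variable and the extra "bar" line are constructed for illustration; the column layout is assumed to be the five-column format shown in the thread.

```sh
#!/bin/sh
# Checks that every entry listed by Android's `ls -lZ` carries the SELinux
# type expected for the directory. Assumed line format (from the thread):
#   <mode> <user> <group> <context> <name>

# label_mismatches EXPECTED_TYPE
# Reads `ls -lZ` lines on stdin and prints "<name> <actual_type>" for every
# entry whose type differs. Returns 1 if any mismatch was found, else 0.
label_mismatches() {
    awk -v want="$1" '
        NF >= 5 {
            # A context is user:role:type:level, e.g. u:object_r:rootfs:s0
            n = split($4, ctx, ":")
            if (n < 4) next        # e.g. "SELinux: Loaded ..." noise lines
            if (ctx[3] != want) { print $5, ctx[3]; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the two listings from the thread, one tool message,
# and one constructed line ("bar") showing a correctly labeled file.
SAMPLE='SELinux: Loaded file_contexts from /file_contexts
drwxrwxrwx root root u:object_r:coredump_file:s0 cores
-rw-rw-rw- root root u:object_r:rootfs:s0 foo
-rw-rw-rw- root root u:object_r:coredump_file:s0 bar'

# Runs the check over the sample, expecting coredump_file everywhere.
report_sample() {
    printf '%s\n' "$SAMPLE" | label_mismatches coredump_file
}

report_sample || echo "entries above did not inherit the directory label"
```

On a device, the same function can be fed from `adb shell ls -lZ /cores` after creating a test file there.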