On Sun 15 May 15:47:46 2011, Henrique de Moraes Holschuh wrote:

On Sat, 14 May 2011, Martin Orr wrote:
Directories and symlinks created as part of the /run transition are not
labelled for SELinux.  The effect is that most services fail to start on
boot after transitioning to /run.

You need to run restorecon after creating a directory or symbolic link
in an init script or maintainer script.  Attached patch does this.

/run with SELinux also requires the refpolicy patch I have submitted in
#626720.  Once that is fixed, initscripts should probably have
Breaks: selinux-policy-default (<< $FIXEDVERSION)

Don't we also need tmpfs with support for security attributes, for it to
work (i.e. for labels to work inside /run)?   Does squeeze 2.6.32 support
such labelling?

Yes, tmpfs needs to support the SELinux attributes. I didn't think about this because I build my own kernels.

But /dev has been on tmpfs for a long time, so surely someone would have noticed if there is a problem? (or else no one runs the squeeze kernel and SELinux)

Unfortunately I am unable to do any tests of this this week.

--
Martin Orr
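
The relabel-after-create step discussed in this thread, sketched as an added example; it is not the patch attached to the bug report and not code from initscripts. The function names `relabel`, `mkdir_labelled` and `symlink_labelled` are hypothetical, and the helper assumes the standard `selinuxenabled` and `restorecon` tools are on the PATH when SELinux is in use.

```sh
#!/bin/sh
# Added example: helpers an init or maintainer script could use when it
# creates directories or symlinks under /run. Function names are hypothetical.

# Reset a path to the context the loaded policy assigns it.
# No-op when the SELinux tools are missing or SELinux is disabled, so the
# same script keeps working on non-SELinux systems.
relabel() {
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled &&
       command -v restorecon >/dev/null 2>&1; then
        # Report a labelling failure, but never abort boot because of it.
        restorecon "$1" || echo "warning: could not relabel $1" >&2
    fi
    return 0
}

# Create a directory with the given mode (if absent), then relabel it.
mkdir_labelled() {
    dir=$1
    mode=$2
    [ -d "$dir" ] || mkdir -m "$mode" "$dir" || return 1
    relabel "$dir"
}

# Create (or replace) a symlink, then relabel the link itself;
# restorecon does not follow symbolic links.
symlink_labelled() {
    target=$1
    link=$2
    ln -sfn "$target" "$link" || return 1
    relabel "$link"
}

# Typical use in a script (paths are illustrative):
#   mkdir_labelled /run/lock 1777
#   symlink_labelled /run/lock /var/lock
```

Relabelling only takes effect if the filesystem under the path can store SELinux labels, which is the tmpfs question raised in the thread.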