On Tue, Oct 04, 2011 at 11:50:19PM +0200, bi...@debian.org wrote:
> During an automated test your package refpolicy was flagged to
> reference files/directories matching /dev/.udev. A log of this test
> can be found at [2].
>
> In most cases checking for /dev/.udev is used to determine if udev is
> active. This check no longer works with udev using /run/udev now.

Attached a proposed patch to make refpolicy use the new locations. Not being too familiar with SELinux, this may not be correct, and definitely needs checking and testing.

It switches from /dev/.udev to /run/udev. It additionally removes /dev/.udevdb (which appears to not be used, unless this is a SELinux-specific creation; in which case it probably also wants moving to /run), and /dev/udev.tbl, which again is not apparently used, unless it's SELinux-specific, which would also want moving to /run.

Regards,
Roger

--
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

diff -urN refpolicy-2.20110726.orig/policy/modules/system/udev.fc refpolicy-2.20110726/policy/modules/system/udev.fc --- refpolicy-2.20110726.orig/policy/modules/system/udev.fc 2012-01-18 10:55:43.772988558 +0000 +++ refpolicy-2.20110726/policy/modules/system/udev.fc 2012-01-18 10:58:16.147023920 +0000 @@ -1,6 +1,4 @@ -/dev/\.udev(/.*)? -- gen_context(system_u:object_r:udev_tbl_t,s0) -/dev/\.udevdb -- gen_context(system_u:object_r:udev_tbl_t,s0) -/dev/udev\.tbl -- gen_context(system_u:object_r:udev_tbl_t,s0) +/run/udev(/.*)? -- gen_context(system_u:object_r:udev_tbl_t,s0) /etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0) diff -urN refpolicy-2.20110726.orig/policy/modules/system/udev.te refpolicy-2.20110726/policy/modules/system/udev.te --- refpolicy-2.20110726.orig/policy/modules/system/udev.te 2012-01-18 10:55:43.772988558 +0000 +++ refpolicy-2.20110726/policy/modules/system/udev.te 2012-01-18 10:59:31.564063459 +0000 @@ -64,12 +64,6 @@ # read udev config allow udev_t udev_etc_t:file read_file_perms; -# create udev database in /dev/.udevdb -allow udev_t udev_tbl_t:file manage_file_perms; -allow udev_t udev_tbl_t:lnk_file manage_lnk_file_perms; -allow udev_t udev_tbl_t:dir manage_dir_perms; -dev_filetrans(udev_t,udev_tbl_t,file) - list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t) read_files_pattern(udev_t, udev_rules_t, udev_rules_t) read_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t)
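
Review bot: In the udev.fc hunk, the new `/run/udev(/.*)?` entry keeps the `--` file-type specifier, which restricts the match to regular files. The /run/udev directory itself, its subdirectories and any symlinks under it will therefore not receive udev_tbl_t from this line, even though the rules touched in udev.te cover the dir and lnk_file classes for that type. Consider dropping the `--` from this entry, or adding separate entries for the directory and symlink cases, and confirm the result with a relabel on a test system.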
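
Review bot: The udev.te hunk deletes the three `allow udev_t udev_tbl_t:...` rules and the `dev_filetrans(udev_t,udev_tbl_t,file)` transition without adding anything in their place, while udev.fc in the same patch still assigns udev_tbl_t to /run/udev. As far as these lines show, udev_t is left with no permission to manage objects of the type its own database is labelled with, and nothing makes newly created entries under /run pick up that type. If the intent is to move the database rather than drop it, keep the allow rules, replace dev_filetrans with the equivalent transition for the type that /run carries in this policy, and update the comment that still names /dev/.udevdb.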