On 07/23/2010 06:56 AM, Kay Sievers wrote:
> On Fri, Jul 23, 2010 at 12:30, Daniel J Walsh <dwa...@redhat.com> wrote:
>> I thought I saw avc's caused because systemd creating some devices with
>> the wrong labels? I searched for mknod but found no calls. Does
>> systemd create any nodes?
>
> It should not create any nodes. Systemd depends on the
> kernel-maintained devtmpfs for all device nodes.
>
> Udev runs on top of devtmpfs and adjusts permissions/selinux context
> in the background. Could there be a timing problem, that some nodes
> which the kernel has created get accessed, but don't have the proper
> context in the moment udev is still iterating over them?
>
> Kay

Probably. It could be devices created in initd are being accessed before udev relabels.
I think we need a restorecon -Rv /dev in dracut before /bin/init is executed. I tried to put this into /usr/share/dracut/modules.d/98selinux/selinux-loadpolicy.sh but as I remember it told me that /dev was read-only at the time. If Harald is on the list maybe he would know where to put this.

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
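
An added example, not part of the original thread: one way to confirm the timing problem discussed above is to look for AVC denials whose target is a devtmpfs node that has not yet been relabelled. The audit records are constructed, and the assumption that such nodes carry the generic `device_t` type until udev or restorecon runs is this example's, not the posters'.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the thread).
sample_avcs() {
cat <<'EOF'
type=AVC msg=audit(1279882560.101:12): avc:  denied  { read write } for  pid=1 comm="systemd" name="tty1" dev=devtmpfs ino=4021 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=AVC msg=audit(1279882560.140:13): avc:  denied  { open } for  pid=1 comm="systemd" name="tty1" dev=devtmpfs ino=4021 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=AVC msg=audit(1279882560.310:14): avc:  denied  { read } for  pid=212 comm="mount" name="sda" dev="devtmpfs" ino=4102 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file
type=AVC msg=audit(1279882561.020:15): avc:  denied  { write } for  pid=301 comm="httpd" name="null" dev=devtmpfs ino=3990 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:null_device_t:s0 tclass=chr_file
type=AVC msg=audit(1279882561.500:16): avc:  denied  { read } for  pid=301 comm="httpd" name="passwd" dev=dm-0 ino=7711 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# Read audit records on stdin and print "name tclass count" for every
# denial on a devtmpfs node whose target type is still the generic
# device_t (assumed here to mean "not relabelled yet").
# Simplification: node names containing spaces are not handled.
early_dev_denials() {
    awk '
    /avc: +denied/ && / dev="?devtmpfs"? / {
        name = ""; tctx = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            if ($i ~ /^tcontext=/) { tctx = $i; sub(/^tcontext=/, "", tctx) }
            if ($i ~ /^tclass=/)   { tclass = $i; sub(/^tclass=/, "", tclass) }
        }
        # tcontext is user:role:type[:level]; the third field is the type
        split(tctx, c, ":")
        if (c[3] == "device_t") seen[name " " tclass]++
    }
    END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Stand-alone run over the constructed sample.
sample_avcs | early_dev_denials
```

On a live system the same function can be fed from `ausearch -m avc` output; denials that disappear once `restorecon -Rv /dev` has run point to the race rather than to a policy gap.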