selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: /dev on tmpfs. How to label?

Re: /dev on tmpfs. How to label?

From: Stephen Smalley <sds_at_nospam>
Date: Thu Jan 28 2010 - 14:20:09 GMT
To: AlannY <>

On Thu, 2010-01-28 at 16:55 +0300, AlannY wrote:
> On Thu, Jan 28, 2010 at 08:29:18AM -0500, Stephen Smalley wrote:
> > Most distros do that these days, and it works fine in Fedora, for
> > example.
> >
> > The technique used in Fedora is to run restorecon -R /dev from
> > rc.sysinit to set the contexts on the /dev nodes set up before the
> > policy load, and udev is already SELinux-aware (if built with SELinux
> > support enabled) and should label any dynamically created nodes
> > appropriately once SELinux policy has loaded.
> Ok. I've built udev --with-selinux and it seems now I have a good context (or maybe right?).
> Well, my Controlling term: user_u:object_r:user_tty_device_t:s0. Is it normal?

Yes. user_tty_device_t for a tty, user_devpts_t for a pty. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.