selinux November 2007 archive

Re: refpolicy HEAD, Debian, patch for udev.te

From: Václav Ovsík <vaclav.ovsik_at_nospam>
Date: Fri Nov 30 2007 - 15:30:24 GMT
To: "Christopher J. PeBenito" <>

On Fri, Nov 30, 2007 at 09:38:33AM -0500, Christopher J. PeBenito wrote:
> ...
> I thought that was the case, I was just surprised that it wasn't
> short-circuited. What is odd is that it makes the check for equality,
> but then does the setfilecon anyway:

The udev startup script /etc/init.d/udev runs restorecon in several places, and /sbin/restorecon -R /dev, before starting udevd. So the symlinks already have the right context.
If for some reason there is no symlink, udevd should probably create one and relabel it. Right?

> > Corresponding code is in udev_node.c, function node_symlink().
> >     if (strcmp(target, buf) == 0) {
> >         info("preserve already existing symlink '%s' to '%s'", slink, target);
> >         selinux_setfilecon(slink, NULL, S_IFLNK);
> >         goto exit;
> >     }
> I'll add the rule. Perhaps someone should send up a patch to remove the
> setfilecon, and update the info message.

Do you mean comparing the context of the symlink and skipping setfilecon if it is OK?

--
Zito
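
The check asked about in the last question, as an added example that is not part of the original message or of udev's code: read the symlink's current label, compare it with the policy default, and attempt the relabel only when they differ. The `label_ops` struct, `relabel_if_needed()`, the in-memory backend, the path and the label strings are all hypothetical or constructed; the callback shapes are modelled on libselinux's `lgetfilecon()`, `matchpathcon()`, `lsetfilecon()` and `freecon()` so the example runs without SELinux.

```c
#define _XOPEN_SOURCE 700   /* for strdup() and S_IFLNK */
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Label backend (hypothetical struct). The shapes mirror libselinux's
 * lgetfilecon(), matchpathcon(), lsetfilecon() and freecon(), which a
 * real build would plug in here. */
struct label_ops {
    int  (*get)(const char *path, char **con);                 /* current label  */
    int  (*expected)(const char *path, mode_t m, char **con);  /* policy default */
    int  (*set)(const char *path, const char *con);
    void (*free_con)(char *con);
};

/* Returns 0 if the label was already right (no relabel attempted),
 * 1 if it was changed, -1 on error. */
int relabel_if_needed(const struct label_ops *ops, const char *path, mode_t mode)
{
    char *want = NULL, *have = NULL;
    int rc;

    if (ops->expected(path, mode, &want) < 0)
        return -1;
    if (ops->get(path, &have) >= 0 && strcmp(have, want) == 0)
        rc = 0;                              /* already correct: skip the set */
    else
        rc = ops->set(path, want) < 0 ? -1 : 1;
    if (have)
        ops->free_con(have);
    ops->free_con(want);
    return rc;
}

/* Constructed in-memory backend; labels and call counter are sample data. */
static char fake_label[64] = "system_u:object_r:device_t:s0";
static int  set_calls;
static int fake_get(const char *p, char **c) { (void)p; *c = strdup(fake_label); return *c ? 0 : -1; }
static int fake_expected(const char *p, mode_t m, char **c)
{ (void)p; (void)m; *c = strdup("system_u:object_r:device_t:s0"); return *c ? 0 : -1; }
static int fake_set(const char *p, const char *c)
{ (void)p; set_calls++; strncpy(fake_label, c, sizeof fake_label - 1); return 0; }
static void fake_free(char *c) { free(c); }
const struct label_ops fake_ops = { fake_get, fake_expected, fake_set, fake_free };
```

With this shape, a symlink that restorecon already labelled before udevd started never reaches the set call; only a missing or mislabelled one does.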