[yocto] [meta-selinux][PATCH 2/2] initscripts/devpts.sh: fix context for /dev/pts

wenzong.fan at windriver.com wenzong.fan at windriver.com
Mon May 12 00:31:49 PDT 2014


From: Wenzong Fan <wenzong.fan at windriver.com>

devpts uses file_use_trans to allocate security contexts. As there are no
range_trans rules for initrc_t mounting devpts, the security level of the
mountpoint will be derived from the initrc process, to be systemhigh
(s15:c0.c1023), instead of the expected systemlow (s0).

This will block login shells from searching PTYs, so use restorecon to fix
this.

Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
 recipes-core/initscripts/initscripts/devpts.sh |    1 +
 1 file changed, 1 insertion(+)

diff --git a/recipes-core/initscripts/initscripts/devpts.sh b/recipes-core/initscripts/initscripts/devpts.sh
index c6043fb..a0b037f 100755
--- a/recipes-core/initscripts/initscripts/devpts.sh
+++ b/recipes-core/initscripts/initscripts/devpts.sh
@@ -24,5 +24,6 @@ then
 	then
 		mkdir -p /dev/pts
 		mount -t devpts devpts /dev/pts -ogid=${TTYGRP},mode=${TTYMODE}
+		test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/pts
 	fi
 fi
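
Review bot: The added restorecon line runs whether or not the preceding mount succeeded, and a restorecon failure is silent, so on an MLS system /dev/pts can stay at the wrong level with nothing in the boot output to explain why logins cannot use PTYs. Consider running it only on mount's success (chain it with `&&` after the mount command) and printing a short message when restorecon returns non-zero. The `test ! -x ... || ...` form also reads as a double negative; `[ -x /sbin/restorecon ] && /sbin/restorecon -F /dev/pts` or a plain `if` is easier to follow, keeping in mind that the `&&` form returns non-zero when restorecon is absent. A one-line comment above the call would help too: it should say that -F is required because the range portion of the context has to be reset, not just the type, since the script itself gives no hint of the MLS issue described in the commit message.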
-- 
1.7.9.5



