[yocto] [PATCH][meta-selinux] udev: restorecon /run to allow mdadm creating /run/mdadm

wenzong.fan at windriver.com wenzong.fan at windriver.com
Mon Mar 23 00:29:11 PDT 2015


From: Wenzong Fan <wenzong.fan at windriver.com>

This change is based on the following factors during bootup:

a. the default type for /run is var_run_t;
b. the type for /run will be changed to tmpfs_t after tmpfs mounted;
c. the type for /run will be fixed after populate-volatile.sh run.

The udev service is started in the b->c period, so fix the type for /run
from the udev init script to remove:

  avc: denied { write } for pid=294 comm="mdadm" \
  name="/" dev="tmpfs" ino=10581 \
  scontext=system_u:system_r:mdadm_t:s0-s15:c0.c1023 \
  tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

(LOCAL REV: NOT UPSTREAM) -- Sent to yocto on 20150323

Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
 recipes-core/udev/udev/init | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
index 66359f2..bb8b95b 100644
--- a/recipes-core/udev/udev/init
+++ b/recipes-core/udev/udev/init
@@ -61,6 +61,9 @@ case "$1" in
     # /var/volatile/tmp directory to be available.
     mkdir -p /var/volatile/tmp
 
+    # restorecon /run early to allow mdadm creating dir /run/mdadm
+    test ! -x /sbin/restorecon || /sbin/restorecon -F /run
+
     # Cache handling.
     # A list of files which are used as a criteria to judge whether the udev cache could be reused.
     CMP_FILE_LIST="/proc/version /proc/cmdline /proc/devices /proc/atags"
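Review bot: the added `test ! -x /sbin/restorecon || /sbin/restorecon -F /run` line relabels only the /run directory itself, since restorecon without `-R` is not recursive; that is enough for the mdadm_t denial quoted in the commit message (tclass=dir on name="/" of the tmpfs), but the comment in the hunk should say explicitly that anything already created under /run before this point keeps its tmpfs_t label until populate-volatile.sh runs, so nobody later mistakes this for a full relabel. Two smaller points: the guard only checks that the binary is executable, not that SELinux is enabled or a policy is loaded, so on a non-SELinux boot this still execs restorecon and relies on it exiting quietly; a `-F` relabel also discards any customizable type on /run, which is intended here but worth one sentence in the comment. Suggest wording along the lines of `# relabel /run itself (non-recursive) from tmpfs_t back to var_run_t so mdadm_t can mkdir /run/mdadm; contents are fixed later by populate-volatile.sh`.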
-- 
1.9.1