1668ffb244
When udev creates the temporary block devices (such as /dev/.tmp-block-8:1), they get marked as device_t by default. However, in the case of software RAID devices, the mdadm application (running in mdadm_t) does not hold the proper privileges to access this for its auto-assembly of the RAIDs.

Other block device applications, like blkid (running in fsadm_t), use these temporary block devices as well, but already hold the necessary privileges on device_t to continue their work.

By marking the temporary block device as a fixed_disk_device_t, all these block device handling applications (such as blkid, but also mdadm) now hold the proper privileges. Since udev is SELinux-aware, the created files are immediately restorecon'ed before the rules are applied.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

flask
modules
support
constraints
global_booleans
global_tunables
mcs
mls
policy_capabilities
users