Bug#387051: udev: SELinux support (patch also adds easy disabling of /dev/.static)

Mon, 11 Sep 2006 15:34:02 -0700 

Package: udev
Version: 0.100-1
Severity: normal
Tags: patch

The attached patch adds:
- restorecon calls after mounting, file or folder creation for SELinux
  (required for SELinux operation)
- easy disabling of the /dev/.static magic (add
  no_static_dev="something" to /etc/udev/udev.conf)

-- Package-specific info:
-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17.7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages udev depends on:
ii  libc6                        2.3.6.ds1-4 GNU C Library: Shared libraries
ii  libselinux1                  1.30.27-2   SELinux shared libraries
ii  libvolume-id0                0.100-1     libvolume_id shared library
ii  lsb-base                     3.1-15      Linux Standard Base 3.1 init scrip

udev recommends no packages.

-- no debconf information

--- /etc/init.d/udev    2006-09-03 12:15:35.000000000 +0200
+++ udev        2006-09-11 23:20:42.000000000 +0200
@@ -27,17 +27,23 @@
 
   # /dev/.static/dev/ is used by MAKEDEV to access the real /dev/ directory.
   # /lib/udev/devices/ is recycled as a temporary mount point.
-  mount -n --bind /dev /lib/udev/devices
+  if [ -z "$no_static_dev" ]; then
+    mount -n --bind /dev /lib/udev/devices
+  fi
 
   if ! mount -n -o size=$tmpfs_size,mode=0755 -t tmpfs tmpfs /dev; then
     umount -n /lib/udev/devices
     log_failure_msg "udev requires tmpfs support, not started."
     log_end_msg 1
   fi
+  # relabel the new tmpfs accordingly
+  [ -x /sbin/restorecon ] && /sbin/restorecon /dev
 
-  mkdir -p /dev/.static/dev
-  chmod 700 /dev/.static/
-  mount -n --move /lib/udev/devices /dev/.static/dev
+  if [ -z "$no_static_dev" ]; then
+    mkdir -p /dev/.static/dev
+    chmod 700 /dev/.static/
+    mount -n --move /lib/udev/devices /dev/.static/dev
+  fi
 }
 
 create_dev_makedev() {
@@ -52,6 +58,7 @@
 make_extra_nodes() {
   if [ "$(echo /lib/udev/devices/*)" != "/lib/udev/devices/*" ]; then
     cp --archive --update /lib/udev/devices/* /dev/
+    [ -x /sbin/restorecon ] && /sbin/restorecon /dev/*
   fi
 
   [ -e /etc/udev/links.conf ] || return 0
@@ -64,6 +71,7 @@
       M) mknod -m 600 /dev/$name $arg1 ;;
       *) log_warning_msg "links.conf: unparseable line ($type $name $arg1)" ;;
     esac
+    [ -x /sbin/restorecon ] && /sbin/restorecon /dev/$name >/dev/null 
2>/dev/null
   done
 }

Reply via email to