]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 07336a0) | patch
namespace: fix MAC labels of /dev when PrivateDevices=yes
authorTopi Miettinen <toiwoton@gmail.com>
Tue, 18 Feb 2020 11:18:39 +0000 (13:18 +0200)
committerTopi Miettinen <topimiettinen@users.noreply.github.com>
Fri, 28 Feb 2020 14:17:48 +0000 (14:17 +0000)
commite6e81ec0a56861b905db975fc32c83e2f2faca7d
tree2ad9e5a48981cd6ffa9c22f4cd5e80d8f6e21002tree | snapshot
parent07336a067216f3e5d7551b090c5972c120805d0ecommit | diff
namespace: fix MAC labels of /dev when PrivateDevices=yes

Without changing the SELinux label for private /dev of a service, it will take
a generic file system label:
system_u:object_r:tmpfs_t:s0

After this change it is the same as without `PrivateDevices=yes`:
system_u:object_r:device_t:s0

This helps writing SELinux policies, as the same rules for `/dev` will apply
despite any `PrivateDevices=yes` setting.
src/basic/label.c diff | blob | blame | history
src/basic/label.h diff | blob | blame | history
src/basic/selinux-util.c diff | blob | blame | history
src/basic/selinux-util.h diff | blob | blame | history
src/basic/smack-util.c diff | blob | blame | history
src/basic/smack-util.h diff | blob | blame | history
src/core/namespace.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.