From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 29 Dec 2010 19:56:11 +0100
Subject: [refpolicy] file contexts for /proc/sys/* missing
Message-ID: <20101229185611.GA21308@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

My system seems to be unable to give proper security contexts to the "files"
in /proc/sys/*:

hpl sys # ls -laZ /proc/sys/
total 0
dr-xr-xr-x.   1 root wheel system_u:object_r:sysctl_t 0 Dec 29 18:45 .
dr-xr-xr-x. 154 root root  system_u:object_r:proc_t   0 Dec 29 18:45 ..
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 abi
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 debug
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 dev
dr-xr-xr-x    0 root root  ?                          0 Dec 29 18:45 fs
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 kernel
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:29 net
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 sunrpc
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 vm

It seems that kernel.te should generate the necessary contexts, and for some
other locations (like /proc/net) it does:

dr-xr-xr-x. 6 root wheel staff_u:staff_r:staff_t       0 Dec 29 19:52 .
dr-x------. 7 root wheel staff_u:staff_r:staff_t       0 Dec 29 19:52 ..
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t  0 Dec 29 19:52 arp
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t  0 Dec 29 19:52 connector
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t  0 Dec 29 19:52 dev
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t  0 Dec 29 19:52 dev_mcast
[...]

How do I go about debugging this? I was hoping to put some debugging
statements along the lines of the genfscon macro, but can't find its
definition anywhere.

Wkr,
Sven Vermeulen