From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 4 Jan 2011 00:22:30 +0100
Subject: [refpolicy] file contexts for /proc/sys/* missing
In-Reply-To: <4D224087.6000109@redhat.com>
References: <20101229185611.GA21308@siphos.be> <4D1B8CD5.2050705@giz-works.com> <4D224087.6000109@redhat.com>
Message-ID: <20110103232230.GA6228@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Jan 03, 2011 at 04:32:55PM -0500, Daniel J Walsh wrote:
> Since these are not real files and the context is being generated by the
> kernel, we do not specify file context. There is a construct in base
> policy to say how they should be labelled.

Yes, those genfscon statements.

The weird thing is, the genfscon statements within kernel.te for the /proc
file system partially work. For instance, those for /proc/sys itself work
(it gets sysctl_t) and for /proc/sys/net don't. seinfo --genfscon shows all
statements (including those for /proc/sys/net).

Wkr,
Sven Vermeulen