From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 28 Jul 2011 11:42:26 -0400
Subject: [refpolicy] new runtime udev directory tree (was Re: ANN: Reference Policy Release)
In-Reply-To: <20110727204704.606662e8q76lz3sw@webmail.tuffmail.net>
References: <4E2F0B0D.9050206@tresys.com> <1311707249.11418.19.camel@vortex> <20110727204704.606662e8q76lz3sw@webmail.tuffmail.net>
Message-ID: <4E318362.4000103@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/27/11 15:47, Martin Orr wrote:
> On Tue 26 Jul 20:07:29 2011, Guido Trentalancia wrote:
>
>> Thanks very much Christopher for the new release!
>>
>> Just a quick reminder that it seems to me that latest git (and thus
>> implicitly the new release), do not cater proper file contexts
>> definitions yet for new udev directory /run.
>
> Git refpolicy and the new release contain:
> /var/run/udev(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0)
>
> As explained in the relevant commit message, this is intended to label
> /run/udev rather than /var/run/udev.
>
> You need to use some method outside the refpolicy to ensure that
> directories in /run are labelled the same as the corresponding
> directories in /var/run. The easiest is to put
> /run /var/run
> in /etc/selinux/$NAME/contexts/files/file_contexts.subs.

This reminds me, I need to add this file to refpolicy to handle known substitutions.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
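
Added example (not part of the original message, and not refpolicy or libselinux code): a simplified Python model of the lookup described in the quoted text, showing why /run/udev only picks up the /var/run/udev entry once the `/run /var/run` substitution is present. The sample inputs are constructed, the function names are hypothetical, and the context is written in the expanded form an MLS/MCS build is assumed to produce.

```python
import re

# Constructed sample inputs (not read from a live system).
# One line of file_contexts.subs, as suggested in the message: "<alias> <target>".
SUBS = "/run /var/run\n"
# The refpolicy entry quoted in the message, with gen_context() written out
# in the expanded form an MLS/MCS build would produce (assumption).
FILE_CONTEXTS = "/var/run/udev(/.*)?\tsystem_u:object_r:udev_tbl_t:s0\n"


def parse_pairs(text):
    """Split whitespace-separated two-column lines, skipping blanks and comments."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and not fields[0].startswith("#"):
            pairs.append((fields[0], fields[1]))
    return pairs


def substitute(path, subs):
    """Rewrite an aliased prefix, but only on a path-component boundary."""
    for alias, target in subs:
        if path == alias or path.startswith(alias + "/"):
            return target + path[len(alias):]
    return path


def lookup(path, subs_text=SUBS, fc_text=FILE_CONTEXTS):
    """Return the context for path, or None when no entry matches."""
    path = substitute(path, parse_pairs(subs_text))
    context = None
    for pattern, ctx in parse_pairs(fc_text):
        # Simplified model: each entry must match the whole path; last match wins.
        if re.fullmatch(pattern, path):
            context = ctx
    return context


if __name__ == "__main__":
    for p in ("/run/udev", "/run/udev/data/b8:0", "/var/run/udev", "/runner/udev"):
        print(p, "with subs:", lookup(p), "| without:", lookup(p, subs_text=""))
```

Without the substitution, paths under /run/udev match no entry in this model, which is the labelling gap raised at the start of the thread.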