projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7bda173) | patch
namespace: fix MAC labels of /dev when PrivateDevices=yes
authorTopi Miettinen <toiwoton@gmail.com>
Tue, 18 Feb 2020 11:18:39 +0000 (13:18 +0200)
committerTopi Miettinen <topimiettinen@users.noreply.github.com>
Thu, 12 Mar 2020 08:23:27 +0000 (08:23 +0000)
commitc3151977d7de70b360a3090004d3beb95137f737
tree42f68c7f540290ffdf506877127dfd8ffb37d0aetree | snapshot
parent7bda173f6a67e921757dca6dfb3d2cb89e1fdbe3commit | diff
namespace: fix MAC labels of /dev when PrivateDevices=yes

Without changing the SELinux label for private /dev of a service, it will take
a generic file system label:
system_u:object_r:tmpfs_t:s0

After this change it is the same as without `PrivateDevices=yes`:
system_u:object_r:device_t:s0

This helps writing SELinux policies, as the same rules for `/dev` will apply
despite any `PrivateDevices=yes` setting.
src/basic/label.c diff | blob | history
src/basic/label.h diff | blob | history
src/basic/selinux-util.c diff | blob | history
src/basic/selinux-util.h diff | blob | history
src/basic/smack-util.c diff | blob | history
src/basic/smack-util.h diff | blob | history
src/core/namespace.c diff | blob | history
https://github.com/systemd/systemd.git