From: Bruce A. <ba...@gr...> - 2007-08-26 20:44:06
Hi Bruno,

>> Is there code that I can add to the smartmontools function
>> setup_3ware_nodes() which will 'set the context' for SELinux? The goal
>> is that a stock user on a stock SELinux system can run smartd/smartctl
>> and have them operate correctly, with no special action needed on their
>> part.
>
> This doesn't sound like the right approach. I would expect device nodes
> to be created by udev using rules definitions not by an application like
> smartd.

If the device nodes do not already exist with the correct major/minor
device numbers, then smartd (already!) creates them. Of course if the
nodes already exist because something else like udev has created them,
then smartd does nothing.

> On the selinux side, things would be done differently. An application
> like smartd wouldn't be allowed to change its own context directly.
> Instead if it needed to be able to create files in /dev it (the context
> it runs with) would be given that ability. If it wanted to only have the
> ability early on (with respect to selinux limitations), then it would
> start by running a privileged executable and fork a less privileged one
> to continue.

I don't know enough about SELinux, udev and dev to understand how to
proceed based on your comments above. I would be happy to 'do nothing'
but am concerned that more users may run into the problem reported to
the support list.

How do you suggest that I address the problem that has been reported?
Should I do nothing?

Cheers,
Bruce