Bug 155556 - nash creating nodes, shouldn't this be done by udev?
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: udev
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
Reported: 2005-04-21 12:36 UTC by Daniel Walsh
Modified: 2007-11-30 22:11 UTC
Doc Type: Bug Fix
Last Closed: 2005-04-21 14:24:14 UTC



Description Daniel Walsh 2005-04-21 12:36:06 UTC
Description of problem:

We are trying to write better SELinux policy for the initscripts and we came
across rc.sysinit requiring the ability to mk blk devices on /dev.
Can't this functionality be moved to udev?

diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te 
policy-1.23.11/domains/program/initrc.te
--- nsapolicy/domains/program/initrc.te 2005-03-24 08:58:25.000000000 -0500
+++ policy-1.23.11/domains/program/initrc.te    2005-04-14 15:30:19.000000000 
-0400
@@ -12,7 +12,7 @@
 # initrc_exec_t is the type of the init program.
 #
 # do not use privmail for sendmail as it creates a type transition conflict
-type initrc_t, ifdef(`unlimitedRC', `admin, etc_writer, fs_domain, privmem, 
auth_write, ') domain, privlog, privowner, privmodule, ifdef(`sendmail.te', 
`', `privmail,') ifdef(`distro_debian', `etc_writer, ') sysctl_kernel_writer, 
nscd_client_domain;
+type initrc_t, fs_domain, ifdef(`unlimitedRC', `admin, etc_writer, privmem, 
auth_write, ') domain, privlog, privowner, privmodule, ifdef(`sendmail.te', 
`', `privmail,') ifdef(`distro_debian', `etc_writer, ') sysctl_kernel_writer, 
nscd_client_domain;
 
 role system_r types initrc_t;
 uses_shlib(initrc_t);
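
Review bot: On the `+type initrc_t, fs_domain, ...` line, `fs_domain` is granted to `initrc_t` unconditionally instead of only under `unlimitedRC`, so the whole init script domain picks up the attribute even though the description ties the need to a single `nash` raidautorun call in rc.sysinit. Consider leaving `fs_domain` inside the `ifdef` and granting block device creation on /dev to a separate nash domain that is entered only from `initrc_t`. If the attribute has to stay on `initrc_t`, add a comment above the declaration naming the command that requires it.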

Note that the above is needed for the following command:
echo "raidautorun /dev/md0" | nash --quiet

Comment 1 Harald Hoyer 2005-04-21 12:40:16 UTC
Why is this assigned to udev?

Comment 2 Daniel Walsh 2005-04-21 12:46:05 UTC
Because I think udev should be doing it.  I also cc'd Bill.

Comment 3 Harald Hoyer 2005-04-21 13:15:29 UTC
Then the kernel module has to send hotplug events and udev will create those
devices... no change to udev needed!!

Comment 4 Bill Nottingham 2005-04-21 14:24:14 UTC
It doesn't work that way.

The raidautorun command requires a device node to operate on (basically, to send
the ioctl on).

*Then*, it scans the partitions and actually creates the raid devices. This is
what would send the hotplug event.
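
The sequence Comment 4 describes, as an added C example that is not part of the original thread and is not nash's source code: create the md block node, open it, then issue the `RAID_AUTORUN` ioctl. The function name `raid_autorun` and the 0600 node mode are assumptions made for illustration.

```c
/* Added illustration of the raidautorun sequence; not nash source code. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>   /* makedev() */
#include <unistd.h>
#include <linux/major.h>     /* MD_MAJOR (9) */
#include <linux/raid/md_u.h> /* RAID_AUTORUN */

/* Hypothetical helper. Returns 0 on success, or -errno from the failing step. */
int raid_autorun(const char *node, unsigned int minor_nr)
{
    /* Step 1: the ioctl needs a file descriptor, so a block node must exist
     * before any md device has been announced. Under SELinux this mknod()
     * is the call that needs permission to create block devices on /dev. */
    if (mknod(node, S_IFBLK | 0600, makedev(MD_MAJOR, minor_nr)) < 0
        && errno != EEXIST)
        return -errno;

    int fd = open(node, O_RDWR);
    if (fd < 0)
        return -errno;

    /* Step 2: ask the md driver to scan partitions and assemble arrays.
     * Only the arrays created here can generate hotplug events for udev. */
    int rc = ioctl(fd, RAID_AUTORUN, 0) < 0 ? -errno : 0;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    const char *node = argc > 1 ? argv[1] : "/dev/md0";
    int rc = raid_autorun(node, 0);
    if (rc < 0)
        fprintf(stderr, "raidautorun %s: %s\n", node, strerror(-rc));
    return rc ? 1 : 0;
}
```

Because the node is created by the same process that sends the ioctl, the device creation permission belongs to whatever domain that process runs in, which is the question Comment 5 raises.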

Comment 5 Daniel Walsh 2005-04-21 14:34:07 UTC
So should I give these privs to nash and only allow nash to be transitioned by
initrc?

Is nash used by anything else?

Dan

Comment 6 Bill Nottingham 2005-04-21 20:21:00 UTC
Yeah, that sounds about right.

nash is used on the initrd. Don't think it's used anywhere else.

