aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWenzong Fan <wenzong.fan@windriver.com>2014-05-12 03:31:49 -0400
committerXin Ouyang <xin.ouyang@windriver.com>2014-06-23 11:48:36 +0800
commit073ce40add07c4a3ad4496c5253a37a162434d61 (patch)
tree00dfcccd9725cc19bd65b052de5115b511969741
parentf48a8184d0e9f357070bbca71145edb60c854751 (diff)
downloadmeta-selinux-073ce40add07c4a3ad4496c5253a37a162434d61.tar.gz
meta-selinux-073ce40add07c4a3ad4496c5253a37a162434d61.tar.bz2
meta-selinux-073ce40add07c4a3ad4496c5253a37a162434d61.zip
initscripts/devpts.sh: fix context for /dev/pts
devpts use file_use_trans to allocate security contexts. As there are no range_trans rules for initrc_t mounting devpts, the security level of mountpoint will be derived from the initrc process, to be systemhigh (s15:c0.c1023), instead of expected systemlow(s0). This will block login shells to search PTYs, so use restorecon to fix this. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Xin Ouyang <xin.ouyang@windriver.com>
-rwxr-xr-xrecipes-core/initscripts/initscripts/devpts.sh1
1 files changed, 1 insertions, 0 deletions
diff --git a/recipes-core/initscripts/initscripts/devpts.sh b/recipes-core/initscripts/initscripts/devpts.sh
index c6043fb..a0b037f 100755
--- a/recipes-core/initscripts/initscripts/devpts.sh
+++ b/recipes-core/initscripts/initscripts/devpts.sh
@@ -24,5 +24,6 @@ then
then
mkdir -p /dev/pts
mount -t devpts devpts /dev/pts -ogid=${TTYGRP},mode=${TTYMODE}
+ test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/pts
fi
fi