[lxc-devel] [PATCH] oracle template: fix selinux context on symlinks in /dev
Dwight Engen
dwight.engen at oracle.com
Thu Oct 17 15:09:36 UTC 2013
This fixes sshd getting an avc on traversing the /dev/ptmx symlink
(was default_t)
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
---
templates/lxc-oracle.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
index deed9b3..ddc6d74 100644
--- a/templates/lxc-oracle.in
+++ b/templates/lxc-oracle.in
@@ -288,6 +288,10 @@ EOF
if [ $container_rootfs != "/" -a -d $dev_path ]; then
rm -rf $dev_path
mkdir -p $dev_path
+ if which chcon >/dev/null 2>&1 ; then
+ # ensure symlinks created in /dev have the right context
+ chcon -t device_t $dev_path
+ fi
fi
mknod -m 666 $dev_path/null c 1 3
mknod -m 666 $dev_path/zero c 1 5
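Review bot: the guard on the added `if which chcon >/dev/null 2>&1 ; then` line only shows that the chcon binary is installed, not that SELinux is enabled on the host. On a system where chcon exists but SELinux is disabled or the file is unlabeled, `chcon -t device_t $dev_path` can fail and print an error during container creation, and its exit status is not checked. Consider also testing `selinuxenabled`, or explicitly ignoring a chcon failure, so the template behaves the same on non-SELinux hosts. `$dev_path` is unquoted in the chcon call; that matches the surrounding `rm -rf $dev_path` and `mkdir -p $dev_path`, but quoting it would be safer for rootfs paths containing spaces. The added comment could also say that the directory is labelled because entries created in it afterwards take their type from it, which is why the symlinks themselves are not relabelled.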
--
1.8.3.1