[lxc-devel] [PATCH] oracle template: fix selinux context on symlinks in /dev
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Oct 17 15:17:42 UTC 2013
Quoting Dwight Engen (dwight.engen at oracle.com):
> This fixes sshd getting an avc on traversing the /dev/ptmx symlink
> (was default_t)
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> templates/lxc-oracle.in | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> index deed9b3..ddc6d74 100644
> --- a/templates/lxc-oracle.in
> +++ b/templates/lxc-oracle.in
> @@ -288,6 +288,10 @@ EOF
> if [ $container_rootfs != "/" -a -d $dev_path ]; then
> rm -rf $dev_path
> mkdir -p $dev_path
> + if which chcon >/dev/null 2>&1 ; then
> + # ensure symlinks created in /dev have the right context
> + chcon -t device_t $dev_path
> + fi
> fi
> mknod -m 666 $dev_path/null c 1 3
> mknod -m 666 $dev_path/zero c 1 5
> --
> 1.8.3.1
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
More information about the lxc-devel
mailing list