udev: initscript restore security context for /dev

Poky/oe-core has set CONFIG_DEVTMPFS_MOUNT=y for kernel to mount /dev with devtmpfs itself. With MLS policy, kernel is running in s15:c0.c1023 level, so /dev will be relabeled to this high level too. This will cause processes running with low levels can not visit /dev directory. So, we just run restorecon /dev to fix this. Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
author: Xin Ouyang <Xin.Ouyang@windriver.com> 2012-09-11 16:00:09 +0800
committer: Xin Ouyang <Xin.Ouyang@windriver.com> 2012-10-18 11:07:44 +0800
commit: 6845442c3cf532b88a3516675733195556cfbd63 (patch)
tree: 7f0be6229e0f2075261efe69fd26499fa8f85953
parent: 4c59f03c8311540fc84b6a543fa93633a183fb62 (diff)
download: meta-selinux-6845442c3cf532b88a3516675733195556cfbd63.tar.gz
2 files changed, 89 insertions, 1 deletions
diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
new file mode 100644
index 0000000..44a192a
--- /dev/null
+++ b/recipes-core/udev/udev/init
@@ -0,0 +1,86 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          udev
+# Required-Start:    mountvirtfs
+# Required-Stop:     
+# Default-Start:     S
+# Default-Stop:
+# Short-Description: Start udevd, populate /dev and load drivers.
+### END INIT INFO
+export TZ=/etc/localtime
+[ -d /sys/class ] || exit 1
+[ -r /proc/mounts ] || exit 1
+[ -x /sbin/udevd ] || exit 1
+[ -f /etc/default/udev-cache ] && . /etc/default/udev-cache
+[ -f /etc/udev/udev.conf ] && . /etc/udev/udev.conf
+readfile () {
+   filename=$1
+   READDATA=""
+   if [ -r $filename ]; then
+       while read line; do
+           READDATA="$READDATA$line"
+       done < $filename
+   fi
+}
+kill_udevd() {
+        pid=`pidof -x udevd`
+        [ -n "$pid" ] && kill $pid
+}
+export ACTION=add
+# propagate /dev from /sys
+echo "Starting udev"
+# mount the tmpfs on /dev, if not already done
+LANG=C awk '$2 == "/dev" && ($3 == "tmpfs" || $3 == "devtmpfs") { exit 1 }' /proc/mounts && {
+        mount -n -o mode=0755 -t tmpfs none "/dev"
+}
+[ -e /dev/pts ] || mkdir -m 0755 /dev/pts
+[ -e /dev/shm ] || mkdir -m 1777 /dev/shm
+# cache handling
+if [ "$DEVCACHE" != "" ]; then
+        readfile /proc/version
+        VERSION="$READDATA"
+        readfile /proc/cmdline
+        CMDLINE="$READDATA"
+        readfile /proc/devices
+        DEVICES="$READDATA"
+        readfile /proc/atags
+        ATAGS="$READDATA"
+        if [ -e $DEVCACHE ]; then
+                readfile /etc/udev/cache.data
+                if [ "$READDATA" = "$VERSION$CMDLINE$DEVICES$ATAGS" ]; then
+                        (cd /; tar xf $DEVCACHE > /dev/null 2>&1)
+                        not_first_boot=1
+                fi
+                echo "$VERSION$CMDLINE$DEVICES$ATAGS" > /dev/shm/udev.cache
+        fi
+fi
+# make_extra_nodes
+kill_udevd > "/dev/null" 2>&1
+# trigger the sorted events
+echo -e '\000\000\000\000' > /proc/sys/kernel/hotplug
+/sbin/udevd -d
+/sbin/udevadm control --env=STARTUP=1
+if [ "$not_first_boot" != "" ];then
+        /sbin/udevadm trigger --action=add --subsystem-nomatch=tty --subsystem-nomatch=mem --subsystem-nomatch=vc --subsystem-nomatch=vtconsole --subsystem-nomatch=misc --subsystem-nomatch=dcon --subsystem-nomatch=pci_bus  --subsystem-nomatch=graphics      --subsystem-nomatch=backlight --subsystem-nomatch=video4linux  --subsystem-nomatch=platform
+        (/sbin/udevadm settle --timeout=3; /sbin/udevadm control --env=STARTUP=)&
+else
+        /sbin/udevadm trigger --action=add
+        /sbin/udevadm settle
+fi
+test ! -x /sbin/restorecon || /sbin/restorecon /dev
+exit 0
diff --git a/recipes-core/udev/udev_164.bbappend b/recipes-core/udev/udev_164.bbappend
index 396feae..a699b52 100644
--- a/recipes-core/udev/udev_164.bbappend
+++ b/recipes-core/udev/udev_164.bbappend
@@ -1,4 +1,6 @@
-PR .= ".1"
+PR .= ".2"
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'selinux', 'libselinux', '', d)}"
author	Xin Ouyang <Xin.Ouyang@windriver.com>	2012-09-11 16:00:09 +0800
committer	Xin Ouyang <Xin.Ouyang@windriver.com>	2012-10-18 11:07:44 +0800
commit	6845442c3cf532b88a3516675733195556cfbd63 (patch)
tree	7f0be6229e0f2075261efe69fd26499fa8f85953
parent	4c59f03c8311540fc84b6a543fa93633a183fb62 (diff)
download	meta-selinux-6845442c3cf532b88a3516675733195556cfbd63.tar.gz

diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init new file mode 100644 index 0000000..44a192a --- /dev/null +++ b/recipes-core/udev/udev/init
@@ -0,0 +1,86 @@
		1	#!/bin/sh
		2
		3	### BEGIN INIT INFO
		4	# Provides: udev
		5	# Required-Start: mountvirtfs
		6	# Required-Stop:
		7	# Default-Start: S
		8	# Default-Stop:
		9	# Short-Description: Start udevd, populate /dev and load drivers.
		10	### END INIT INFO
		11
		12	export TZ=/etc/localtime
		13
		14	[ -d /sys/class ] \|\| exit 1
		15	[ -r /proc/mounts ] \|\| exit 1
		16	[ -x /sbin/udevd ] \|\| exit 1
		17	[ -f /etc/default/udev-cache ] && . /etc/default/udev-cache
		18	[ -f /etc/udev/udev.conf ] && . /etc/udev/udev.conf
		19
		20	readfile () {
		21	filename=$1
		22	READDATA=""
		23	if [ -r $filename ]; then
		24	while read line; do
		25	READDATA="$READDATA$line"
		26	done < $filename
		27	fi
		28	}
		29
		30	kill_udevd() {
		31	pid=`pidof -x udevd`
		32	[ -n "$pid" ] && kill $pid
		33	}
		34
		35	export ACTION=add
		36	# propagate /dev from /sys
		37	echo "Starting udev"
		38
		39	# mount the tmpfs on /dev, if not already done
		40	LANG=C awk '$2 == "/dev" && ($3 == "tmpfs" \|\| $3 == "devtmpfs") { exit 1 }' /proc/mounts && {
		41	mount -n -o mode=0755 -t tmpfs none "/dev"
		42	}
		43	[ -e /dev/pts ] \|\| mkdir -m 0755 /dev/pts
		44	[ -e /dev/shm ] \|\| mkdir -m 1777 /dev/shm
		45
		46	# cache handling
		47	if [ "$DEVCACHE" != "" ]; then
		48	readfile /proc/version
		49	VERSION="$READDATA"
		50	readfile /proc/cmdline
		51	CMDLINE="$READDATA"
		52	readfile /proc/devices
		53	DEVICES="$READDATA"
		54	readfile /proc/atags
		55	ATAGS="$READDATA"
		56
		57	if [ -e $DEVCACHE ]; then
		58	readfile /etc/udev/cache.data
		59	if [ "$READDATA" = "$VERSION$CMDLINE$DEVICES$ATAGS" ]; then
		60	(cd /; tar xf $DEVCACHE > /dev/null 2>&1)
		61	not_first_boot=1
		62	fi
		63
		64	echo "$VERSION$CMDLINE$DEVICES$ATAGS" > /dev/shm/udev.cache
		65	fi
		66	fi
		67
		68	# make_extra_nodes
		69	kill_udevd > "/dev/null" 2>&1
		70
		71	# trigger the sorted events
		72	echo -e '\000\000\000\000' > /proc/sys/kernel/hotplug
		73	/sbin/udevd -d
		74
		75	/sbin/udevadm control --env=STARTUP=1
		76	if [ "$not_first_boot" != "" ];then
		77	/sbin/udevadm trigger --action=add --subsystem-nomatch=tty --subsystem-nomatch=mem --subsystem-nomatch=vc --subsystem-nomatch=vtconsole --subsystem-nomatch=misc --subsystem-nomatch=dcon --subsystem-nomatch=pci_bus --subsystem-nomatch=graphics --subsystem-nomatch=backlight --subsystem-nomatch=video4linux --subsystem-nomatch=platform
		78	(/sbin/udevadm settle --timeout=3; /sbin/udevadm control --env=STARTUP=)&
		79	else
		80	/sbin/udevadm trigger --action=add
		81	/sbin/udevadm settle
		82	fi
		83
		84	test ! -x /sbin/restorecon \|\| /sbin/restorecon /dev
		85
		86	exit 0


diff --git a/recipes-core/udev/udev_164.bbappend b/recipes-core/udev/udev_164.bbappend index 396feae..a699b52 100644 --- a/recipes-core/udev/udev_164.bbappend +++ b/recipes-core/udev/udev_164.bbappend
@@ -1,4 +1,6 @@
1	PR .= ".1"	1	PR .= ".2"
		2
		3	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
2		4
3	DEPENDS += "${@base_contains('DISTRO_FEATURES', 'selinux', 'libselinux', '', d)}"	5	DEPENDS += "${@base_contains('DISTRO_FEATURES', 'selinux', 'libselinux', '', d)}"
4		6