From 6845442c3cf532b88a3516675733195556cfbd63 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Tue, 11 Sep 2012 16:00:09 +0800 Subject: udev: initscript restore security context for /dev Poky/oe-core has set CONFIG_DEVTMPFS_MOUNT=y for kernel to mount /dev with devtmpfs itself. With MLS policy, kernel is running in s15:c0.c1023 level, so /dev will be relabeled to this high level too. This will cause processes running with low levels can not visit /dev directory. So, we just run restorecon /dev to fix this. Signed-off-by: Xin Ouyang
---
recipes-core/udev/udev/init | 86 +++++++++++++++++++++++++++++++++++++ recipes-core/udev/udev_164.bbappend | 4 +- 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 recipes-core/udev/udev/init
diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
new file mode 100644
index 0000000..44a192a
--- /dev/null
+++ b/recipes-core/udev/udev/init
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: udev
+# Required-Start: mountvirtfs
+# Required-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Start udevd, populate /dev and load drivers.
+### END INIT INFO
+
+export TZ=/etc/localtime
+
+[ -d /sys/class ] || exit 1
+[ -r /proc/mounts ] || exit 1
+[ -x /sbin/udevd ] || exit 1
+[ -f /etc/default/udev-cache ] && . /etc/default/udev-cache
+[ -f /etc/udev/udev.conf ] && . /etc/udev/udev.conf
+
+readfile () {
+ filename=$1
+ READDATA=""
+ if [ -r $filename ]; then
+ while read line; do
+ READDATA="$READDATA$line"
+ done < $filename
+ fi
+}
+
+kill_udevd() {
+ pid=`pidof -x udevd`
+ [ -n "$pid" ] && kill $pid
+}
+
+export ACTION=add
+# propagate /dev from /sys
+echo "Starting udev"
+
+# mount the tmpfs on /dev, if not already done
+LANG=C awk '$2 == "/dev" && ($3 == "tmpfs" || $3 == "devtmpfs") { exit 1 }' /proc/mounts && {
+ mount -n -o mode=0755 -t tmpfs none "/dev"
+}
+[ -e /dev/pts ] || mkdir -m 0755 /dev/pts
+[ -e /dev/shm ] || mkdir -m 1777 /dev/shm
+
+# cache handling
+if [ "$DEVCACHE" != "" ]; then
+ readfile /proc/version
+ VERSION="$READDATA"
+ readfile /proc/cmdline
+ CMDLINE="$READDATA"
+ readfile /proc/devices
+ DEVICES="$READDATA"
+ readfile /proc/atags
+ ATAGS="$READDATA"
+
+ if [ -e $DEVCACHE ]; then
+ readfile /etc/udev/cache.data
+ if [ "$READDATA" = "$VERSION$CMDLINE$DEVICES$ATAGS" ]; then
+ (cd /; tar xf $DEVCACHE > /dev/null 2>&1)
+ not_first_boot=1
+ fi
+
+ echo "$VERSION$CMDLINE$DEVICES$ATAGS" > /dev/shm/udev.cache
+ fi
+fi
+
+# make_extra_nodes
+kill_udevd > "/dev/null" 2>&1
+
+# trigger the sorted events
+echo -e '\000\000\000\000' > /proc/sys/kernel/hotplug
+/sbin/udevd -d
+
+/sbin/udevadm control --env=STARTUP=1
+if [ "$not_first_boot" != "" ];then
+ /sbin/udevadm trigger --action=add --subsystem-nomatch=tty --subsystem-nomatch=mem --subsystem-nomatch=vc --subsystem-nomatch=vtconsole --subsystem-nomatch=misc --subsystem-nomatch=dcon --subsystem-nomatch=pci_bus
--subsystem-nomatch=graphics --subsystem-nomatch=backlight --subsystem-nomatch=video4linux --subsystem-nomatch=platform
+ (/sbin/udevadm settle --timeout=3; /sbin/udevadm control --env=STARTUP=)&
+else
+ /sbin/udevadm trigger --action=add
+ /sbin/udevadm settle
+fi
+
+test ! -x /sbin/restorecon || /sbin/restorecon /dev
+
+exit 0
diff --git a/recipes-core/udev/udev_164.bbappend b/recipes-core/udev/udev_164.bbappend
index 396feae..a699b52 100644
--- a/recipes-core/udev/udev_164.bbappend
+++ b/recipes-core/udev/udev_164.bbappend
@@ -1,4 +1,6 @@ -PR .= ".1" +PR .= ".2" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'selinux', 'libselinux', '', d)}" -- cgit v1.2.3-54-g00ecf
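Review bot: The added `restorecon /dev` near the end of the new init script relabels only the `/dev` directory entry, not what is beneath it; `/dev/pts` and `/dev/shm` are created by `mkdir` earlier in the same script and, on the cached path, nodes are unpacked by `tar xf $DEVCACHE`, so they keep whatever context they were created with. Whether those also end up at the kernel's level under the MLS policy cannot be seen from this hunk and should be checked on a target; if they do, `test ! -x /sbin/restorecon || /sbin/restorecon -R /dev` would cover them. The relabel's exit status is also discarded by the unconditional `exit 0`, so a failure leaves `/dev` unreachable for low-level processes with nothing in the boot log; appending `|| echo "udev: restorecon /dev failed" >&2` would make that visible. A one-line comment above the call, e.g. `# devtmpfs is mounted by the kernel at its own MLS level; reset /dev to the policy default`, would record why the call is there.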