[refpolicy] file contexts for /proc/sys/* missing

Sven Vermeulen sven.vermeulen at siphos.be
Wed Dec 29 12:56:11 CST 2010


Hi all,

My system seems to be unable to give proper security contexts to the "files"
in /proc/sys/*:

hpl sys # ls -laZ /proc/sys/
total 0
dr-xr-xr-x.   1 root wheel system_u:object_r:sysctl_t 0 Dec 29 18:45 .
dr-xr-xr-x. 154 root root  system_u:object_r:proc_t   0 Dec 29 18:45 ..
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 abi
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 debug
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 dev
dr-xr-xr-x    0 root root  ?                          0 Dec 29 18:45 fs
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 kernel
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:29 net
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 sunrpc
dr-xr-xr-x    0 root root  ?                          0 Dec 29 19:31 vm

It seems that kernel.te should generate the necessary contexts, and for some
other locations (like /proc/net) it does:

dr-xr-xr-x. 6 root wheel staff_u:staff_r:staff_t        0 Dec 29 19:52 .
dr-x------. 7 root wheel staff_u:staff_r:staff_t        0 Dec 29 19:52 ..
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t   0 Dec 29 19:52 arp
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t   0 Dec 29 19:52 connector
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t   0 Dec 29 19:52 dev
-r--r--r--. 1 root wheel system_u:object_r:proc_net_t   0 Dec 29 19:52 dev_mcast
[...]

How do I go about debugging this? I was hoping to put some debugging
statements along the line of the genfscon macro, but can't find its
definition anywhere.

Wkr,
	Sven Vermeulen