Comment 2 for bug 7198

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 29 Jul 2004 03:07:45 +0100
From: Luke Kenneth Casson Leighton <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: udev has had selinux support removed and now breaks with initrd (i.e. debian)

Package: udev
Version: 0.030-1
Severity: critical

it's not okay to remove the c-code that does setting of
permissions, to replace with a script.

the selinux file permissions MUST be set at device-node create time,
_not_ later.

in order to get a working system, i will need to find the old version
and use that.

this is all operating at _boot_ time from an initial ramdisk on
debian, so things like the hard drive (accessible via /dev/hda2)
aren't accessible because selinux is a MANDATORY access control
system: /dev/hda2 isn't accessible because its permissions are
set to (null) - i.e. no access - therefore i can't GET to the
restorecon program NOR to the scripts in /etc/dev.d/

please ask the developer to consider releasing two versions of
udev - se_udev and udev.

one with #ifdef WITH_SELINUX enabled, and one without.

thanks,

l.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.6-selinux1 #5 Tue May 18 16:33:29 GMT 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages udev depends on:
ii debconf [debconf-2.0] 1.4.25 Debian configuration management sy
ii hotplug 0.0.20040329-12 Linux Hotplug Scripts
ii initscripts 2.85-22.se2 Standard scripts needed for bootin
ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an
ii libnewt0.51 0.51.6-5 Not Erik's Windowing Toolkit - tex
ii makedev 2.3.1-74 Creates device files in /dev

-- debconf information excluded
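
Added example (not part of the original report, and not udev's code): create-time labelling as the report asks for it, in C, staging the context through the kernel's `/proc/self/attr/fscreate` attribute (the interface libselinux's `setfscreatecon()` wraps) before calling `mknod()`, so the node never exists without its label. The names `mknod_labeled` and `set_fscreate`, the context string, the path and the major/minor numbers are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <unistd.h>

/* Per-task attribute wrapped by libselinux's setfscreatecon(): the context
 * stored here is applied to the next object this task creates. */
#define FSCREATE_ATTR "/proc/self/attr/fscreate"

/* Stage ctx for the next create; ctx == NULL resets to the policy default. */
static int set_fscreate(const char *attr, const char *ctx)
{
    int fd = open(attr, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = ctx ? write(fd, ctx, strlen(ctx) + 1) : write(fd, NULL, 0);
    int saved = errno;
    close(fd);
    errno = saved;
    return n < 0 ? -1 : 0;
}

/* Create a node that is labelled from the instant it exists.
 * Fails closed: if the context cannot be staged, no node is created. */
int mknod_labeled(const char *attr, const char *path, mode_t mode, dev_t dev,
                  const char *ctx)
{
    if (set_fscreate(attr, ctx) < 0)
        return -1;
    int rc = mknod(path, mode, dev);
    int saved = errno;
    set_fscreate(attr, NULL); /* do not leak the context to later creates */
    errno = saved;
    return rc;
}

int main(void)
{
    /* Constructed values: context string, path, and major 3 / minor 2. */
    const char *ctx = "system_u:object_r:fixed_disk_device_t";
    return mknod_labeled(FSCREATE_ATTR, "/tmp/example-hda2", S_IFBLK | 0660,
                         makedev(3, 2), ctx) == 0 ? 0 : 1;
}
```

Creating a block device this way needs root and an SELinux-enabled kernel; the `attr` parameter exists so the ordering and fail-closed behaviour can be exercised against a stand-in file.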