On Wed, 2005-03-23 at 12:03 +0100, Stefan SF wrote:
> > Woah, there aren't supposed to be any files labeled urandom_device_t.
> > Either you misread the denials, or something is wrong.
>
> ls -lZ /dev/urandom
> cr--r--r-- root root system_u:object_r:urandom_device_t /dev/urandom
>
> You make me feel nervous :)

This is correct, /dev/urandom is supposed to be a chr_file, and the only
object in the filesystem labeled urandom_device_t. But you had these
rules in your previous post:

allow courier_tcpd_t urandom_device_t:{ chr_file file } read;
allow courier_imap_t urandom_device_t:{ chr_file file } read;

There's a difference between file and chr_file :) You don't want file in
these rules, only chr_file. Since you had file in there too, I figured
that something was going on.
--
Chris PeBenito
<[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
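
The file versus chr_file point above, as an added example that is not part of the original message or of any policy tooling: a small Python check that reads `ls -lZ` output, works out which object class each labeled type really has, and trims allow rules to those classes. The function names are hypothetical, and it assumes the listing covers every object carrying the target type.

```python
import re

# First character of the `ls -l` mode string -> SELinux object class.
MODE_TO_CLASS = {"-": "file", "d": "dir", "c": "chr_file", "b": "blk_file",
                 "l": "lnk_file", "p": "fifo_file", "s": "sock_file"}

RULE_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+?):\s*(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^;\s]+)\s*;")

# Sample input copied from the thread above.
SAMPLE_LS = "cr--r--r-- root root system_u:object_r:urandom_device_t /dev/urandom"
SAMPLE_RULES = [
    "allow courier_tcpd_t urandom_device_t:{ chr_file file } read;",
    "allow courier_imap_t urandom_device_t:{ chr_file file } read;",
]

def labeled_classes(ls_output):
    """Map each SELinux type in `ls -lZ` output to the object classes carrying it."""
    seen = {}
    for line in ls_output.splitlines():
        fields = line.split()
        # The security context is the first field shaped like user:role:type[:level].
        ctx = next((f for f in fields if f.count(":") >= 2), None)
        if not fields or ctx is None or fields[0][0] not in MODE_TO_CLASS:
            continue
        seen.setdefault(ctx.split(":")[2], set()).add(MODE_TO_CLASS[fields[0][0]])
    return seen

def tighten(rule, seen):
    """Return (rule limited to classes that exist for the target type, dropped classes)."""
    m = RULE_RE.fullmatch(rule.strip())
    if not m:
        raise ValueError("not a simple allow rule: %r" % rule)
    source, target, classes, perms = m.groups()
    wanted = classes.strip("{} ").split()
    if target not in seen:          # nothing known about this type: leave the rule alone
        return rule.strip(), []
    kept = [c for c in wanted if c in seen[target]]
    dropped = [c for c in wanted if c not in seen[target]]
    if not kept:                    # the rule matches no labeled object at all
        return None, dropped
    cls = kept[0] if len(kept) == 1 else "{ " + " ".join(kept) + " }"
    return "allow %s %s:%s %s;" % (source, target, cls, perms), dropped

if __name__ == "__main__":
    seen = labeled_classes(SAMPLE_LS)
    for rule in SAMPLE_RULES:
        fixed, dropped = tighten(rule, seen)
        print("%s   # dropped: %s" % (fixed, ", ".join(dropped) or "none"))
```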
