From: Wenzong Fan <wenzong....@windriver.com>
devpts use file_use_trans to allocate security contexts. As there are no
range_trans rules for initrc_t mounting devpts, the security level of
mountpoint will be derived from the initrc process, to be systemhigh
(s15:c0.c1023), instead of expected systemlow(s0).
This will block login shells to search PTYs, so use restorecon to fix
this.
Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
---
recipes-core/initscripts/initscripts/devpts.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/recipes-core/initscripts/initscripts/devpts.sh
b/recipes-core/initscripts/initscripts/devpts.sh
index c6043fb..a0b037f 100755
--- a/recipes-core/initscripts/initscripts/devpts.sh
+++ b/recipes-core/initscripts/initscripts/devpts.sh
@@ -24,5 +24,6 @@ then
then
mkdir -p /dev/pts
mount -t devpts devpts /dev/pts -ogid=${TTYGRP},mode=${TTYMODE}
+ test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/pts
fi
fi
--
1.7.9.5
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
