From: Wenzong Fan <wenzong....@windriver.com> devpts use file_use_trans to allocate security contexts. As there are no range_trans rules for initrc_t mounting devpts, the security level of mountpoint will be derived from the initrc process, to be systemhigh (s15:c0.c1023), instead of expected systemlow(s0).
This will block login shells to search PTYs, so use restorecon to fix this. Signed-off-by: Wenzong Fan <wenzong....@windriver.com> --- recipes-core/initscripts/initscripts/devpts.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-core/initscripts/initscripts/devpts.sh b/recipes-core/initscripts/initscripts/devpts.sh index c6043fb..a0b037f 100755 --- a/recipes-core/initscripts/initscripts/devpts.sh +++ b/recipes-core/initscripts/initscripts/devpts.sh @@ -24,5 +24,6 @@ then then mkdir -p /dev/pts mount -t devpts devpts /dev/pts -ogid=${TTYGRP},mode=${TTYMODE} + test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/pts fi fi -- 1.7.9.5 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto