Commit 4caf8c99 authored 11 years ago by Stephen Smalley

Label /dev/socket/mdns with its own type.

Otherwise it gets left in the general device type, and we get denials such
as:
type=1400 msg=audit(1379617262.940:102): avc: denied { write } for pid=579 comm="mDnsConnector" name="mdns" dev="tmpfs" ino=3213 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=sock_file

This of course only shows up if using a confined system_server.

Change-Id: I2456dd7aa4d72e6fd15b55c251245186eb54a80a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent 755cb39b

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 2 additions and 0 deletions

Please register or to comment