On Mon, 17 Feb 2014 19:24:51 +0000 Sven Vermeulen <sw...@gentoo.org> wrote:
> The init script approach is what most distributions are doing. We also
> relabel cpu/online in the selinux_gentoo init script.
>
> But the approach you mentioned on the other mailing list (regarding
> reusing the statement already in use for /proc stuff) seems like a
> valid case - interesting to see what's going to happen ;)

Yes, I'm trying to find better technical solutions than the init script approach, both for cpu_online_t and for the sysfs access. I've just written a kernel patch to make the sysfs gid configurable, let's see if grsecurity will incorporate it...

Regards,
Luis Ressel