From 9a591fb9ffbe4fc59a0992c19ef830dc118527b4 Mon Sep 17 00:00:00 2001 From: Jeff Vander Stoep Date: Sun, 31 Jan 2016 18:16:50 -0800 Subject: hikey_defconfig: disable devtmpfs Selinux file labeling of /dev is done by ueventd. Devtmpfs may also create files in /dev without properly labeling - leading to a race condition where files are accessed before labeling or created after labeling. Disabling devtmpfs such that all file creation in /dev is done by ueventd resolves these issues. Addresses: avc: denied { write } for name="/" dev="devtmpfs" ino=1025 scontext=u:r:kernel:s0 tcontext=u:object_r:device:s0 tclass=dir avc: denied { mknod } for capability=27 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability avc: denied { add_name } for name="usb_accessory" scontext=u:r:kernel:s0 tcontext=u:object_r:device:s0 tclass=dir avc: denied { create } for name="usb_accessory" scontext=u:r:kernel:s0 tcontext=u:object_r:device:s0 tclass=chr_file avc: denied { setattr } for name="usb_accessory" dev="devtmpfs" ino=2082 scontext=u:r:kernel:s0 tcontext=u:object_r:device:s0 tclass=chr_file Change-Id: Iccc06afb035339ba82a9bdd323b14a17d6ee864f --- arch/arm64/configs/hikey_defconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm64/configs/hikey_defconfig b/arch/arm64/configs/hikey_defconfig index 4ad18f050816..1ad6d2f89878 100644 --- a/arch/arm64/configs/hikey_defconfig +++ b/arch/arm64/configs/hikey_defconfig @@ -190,8 +190,6 @@ CONFIG_RFKILL_GPIO=y CONFIG_NET_9P=y CONFIG_NET_9P_VIRTIO=y CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" -CONFIG_DEVTMPFS=y -CONFIG_DEVTMPFS_MOUNT=y CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y CONFIG_DMA_CMA=y CONFIG_CMA_SIZE_MBYTES=64 -- cgit v1.2.3