tmpfs /dev
Russell Coker
russell at coker.com.au
Sat Sep 11 06:43:54 UTC 2004
On Sat, 11 Sep 2004 02:30, Bill Nottingham <notting at redhat.com> wrote:
> Russell Coker (russell at coker.com.au) said:
> > On Fri, 10 Sep 2004 06:19, Daniel J Walsh <dwalsh at redhat.com> wrote:
> > > You will need to talk to Bill Nottingham about modifying /sbin/init to
> > > do this. They are not crazy about
> > > putting additional code into /sbin/init since it is very hard to debug.
> >
> > We've done it once, we can do it again.
>
> But why is init any better? Especially when it's just spawning a
> shell script - that's a hack.
Spawning a shell script is good for a test. If we decide to run it from init
then we can do it differently in the release version of the code.
> > > They prefer rc.sysinit. They also do not
> >
> > rc.sysinit means changing the policy for init_t, initrc_t, and maybe
> > others.
>
> init runs in init_t, surely?
init runs in init_t AFTER it re-exec's itself. At the time it is doing the SE
Linux stuff it's running as kernel_t or running on a system with no policy
loaded.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page