tmpfs /dev

Russell Coker russell at coker.com.au
Sat Sep 11 06:43:54 UTC 2004


On Sat, 11 Sep 2004 02:30, Bill Nottingham <notting at redhat.com> wrote:
> Russell Coker (russell at coker.com.au) said:
> > On Fri, 10 Sep 2004 06:19, Daniel J Walsh <dwalsh at redhat.com> wrote:
> > > You will need to talk to Bill Nottingham about modifying /sbin/init to
> > > do this.  They are not crazy about
> > > putting additional code into /sbin/init since it is very hard to debug.
> >
> > We've done it once, we can do it again.
>
> But why is init any better? Especially when it's just spawning a
> shell script - that's a hack.

Spawning a shell script is good for a test.  If we decide to run it from init 
then we can do it differently in the release version of the code.

> > > They prefer rc.sysinit.  They also do not
> >
> > rc.sysinit means changing the policy for init_t, initrc_t, and maybe
> > others.
>
> init runs in init_t, surely?

init runs in init_t AFTER it re-exec's itself.  At the time it is doing the SE 
Linux stuff it's running as kernel_t or running on a system with no policy 
loaded.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





More information about the fedora-devel-list mailing list