Tue 2006-06-06 at 11:38 +0200, dragoran wrote:
> Hello
> I am still working on the selinux stuff (does not work as expected yet).
> Please look at this bug report:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179761
> (the last few comments).

I'm pretty busy at the moment

> 1.) having initng as a plugin does not seem to be a good idea, because
> it must be started before initng opens any fd.
> after boot initng runs as kernel_t then the selinux code loads the
> policy and restarts initng by calling /sbin/initng.
> then initng becomes init_t but the problem is that the fds are still
> kernel_t which the policy does not allow access to processes like
> mount,etc.
> so loading the policy should be the first thing initng does (then it
> restarts itself and can do its tasks).
> ->the selinux init code needs to be moved out of the plugin and added to
> the main function (inside ifdefs)

Okay, you are free to put the code back in.

> 2.) initng seems to execute daemons directly the check if it is a script
> or not does not work the solution would be to start all daemons using sh
> -c /sbin/udevd (for example)
> is this possible somehow? I don't think that it would add any noticeable
> overhead.
> can a plugin (via hook) change the exec daemon value?
> the selinux plugin only has to replace it by sh -c "oldexecstr"
>

That is a little too much overhead, is it not better to see if the
script has a context set, and if not set one?

>

Sorry for not being available much, I work a lot, every free time I get I
try to make some small coding..

/Jimmy

--
_______________________________________________
Initng mailing list
[email protected]
http://jw.dyndns.org/mailman/listinfo/initng
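Added example (not part of the original message and not initng code): point 1 above depends on descriptors opened before the re-exec staying open across it. This C program lists the descriptors a process would carry over an execve(), which is the set that must be empty when the policy is loaded first. The function names are hypothetical and it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if fd is open and would be inherited across execve() (FD_CLOEXEC
 * not set), 0 if it is close-on-exec, -1 if fd is not open. */
int fd_survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Count the descriptors a re-exec would carry over; with verbose set,
 * also print each one and what it points at. Returns -1 without /proc. */
int count_inherited_fds(int verbose)
{
    DIR *d = opendir("/proc/self/fd");
    struct dirent *e;
    int n = 0;
    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char *end, link[64], target[256];
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0')
            continue;                      /* "." and ".." */
        if (fd == dirfd(d) || fd_survives_exec((int)fd) != 1)
            continue;                      /* our own handle, or CLOEXEC */
        n++;
        if (!verbose)
            continue;
        snprintf(link, sizeof link, "/proc/self/fd/%ld", fd);
        ssize_t len = readlink(link, target, sizeof target - 1);
        target[len > 0 ? len : 0] = '\0';
        printf("fd %ld -> %s\n", fd, target);
    }
    closedir(d);
    return n;
}

int main(void)
{
    int n = count_inherited_fds(1);
    printf("%d descriptor(s) would survive a re-exec\n", n);
    return n < 0;
}
```

Run stand-alone it reports the process's own standard descriptors; called at the point where an init would re-exec itself, any additional entry is a descriptor opened before the policy load.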
