On Sat, 11 Sep 2004 02:30, Bill Nottingham <notting@xxxxxxxxxx> wrote:
> Russell Coker (russell@xxxxxxxxxxxx) said:
> > On Fri, 10 Sep 2004 06:19, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> > > You will need to talk to Bill Nottingham about modifying /sbin/init to
> > > do this. They are not crazy about
> > > putting additional code into /sbin/init since it is very hard to debug.
> >
> > We've done it once, we can do it again.
>
> But why is init any better? Especially when it's just spawning a
> shell script - that's a hack.

Spawning a shell script is good for a test. If we decide to run it from init
then we can do it differently in the release version of the code.

> > > They prefer rc.sysinit. They also do not
> >
> > rc.sysinit means changing the policy for init_t, initrc_t, and maybe
> > others.
>
> init runs in init_t, surely?

init runs in init_t AFTER it re-exec's itself. At the time it is doing the
SE Linux stuff it's running as kernel_t or running on a system with no policy
loaded.

-- 
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page