> You don't need to rebuild sysvinit; it already has the selinux support > in opensuse. > > The only issue is how they have configured /etc/inittab (which you still > haven't sent) or how they have set up their init scripts. Things to > look for: > - Does /etc/inittab invoke the rc scripts directly or indirectly via a > shell command? > - Are the scripts under /etc/init.d and /etc/rc.d labeled properly (e.g. > with initrc_exec_t)? Otherwise they won't transition properly. > - Do the scripts under /etc/init.d and /etc/rc.d have a #! header? If > not, then an attempt to execve() them will fail and it will fall back on > the caller to feed them to the shell, at which point you won't have the > normal domain transition. > > -- > Stephen Smalley > National Security Agency > > my bad.. got tied up looking for the avc's denial of init. attached is inittab-orig of what suse has. I'll throw in the inittab from my other system to see if it changes things, then if not look at the file labels -- Justin P. Mattock
Attachment:
inittab-orig
Description: Binary data
