On Mon, 2010-02-22 at 13:25 -0800, Justin Mattock wrote: > > You don't need to rebuild sysvinit; it already has the selinux support > > in opensuse. > > > > The only issue is how they have configured /etc/inittab (which you still > > haven't sent) or how they have set up their init scripts. Things to > > look for: > > - Does /etc/inittab invoke the rc scripts directly or indirectly via a > > shell command? > > - Are the scripts under /etc/init.d and /etc/rc.d labeled properly (e.g. > > with initrc_exec_t)? Otherwise they won't transition properly. > > - Do the scripts under /etc/init.d and /etc/rc.d have a #! header? If > > not, then an attempt to execve() them will fail and it will fall back on > > the caller to feed them to the shell, at which point you won't have the > > normal domain transition. > > > > -- > > Stephen Smalley > > National Security Agency > > > > > > my bad.. got tied up looking for the avc's denial > of init. attached is inittab-orig of what suse has. Ok, so they invoke /etc/init.d/rc with the runlevel as an argument. So: - What does ls -Z /etc/init.d/rc show? - What does head /etc/init.d/rc show? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
