On 09/27/2011 12:40 PM, Guido Trentalancia wrote:
> On Tue, 2011-09-27 at 08:46 -0400, Stephen Smalley wrote:
>> On Fri, 2011-09-23 at 19:12 -0400, Eric Paris wrote:
>>> On Sat, 2011-09-24 at 00:38 +0200, Guido Trentalancia wrote:
>>>> Hello Eric.
>>>>
>>>> On Fri, 2011-09-23 at 17:17 -0400, Eric Paris wrote:
>>>>> On Fri, 2011-09-23 at 23:12 +0200, Guido Trentalancia wrote:
>>>>>
>>>>>> You seem to suggest that load_policy -i (and not the
>>>>>> kernel) should make sure that init has transitioned to
>>>>>> its designated context...
>>>>>
>>>>> Can't speak for Justin's system.
>>>>
>>>> That's for sure. But it seems to me that he already stated
>>>> that it just loaded plain refpolicy from git on a plain F15
>>>> system. Since we are on the list he might even confirm once
>>>> again...
>>>>
>>>>> But that's not what I said. I said it's /sbin/init's
>>>>> problem to make sure it did the right thing and to handle
>>>>> errors correctly if it failed. If Justin has his box
>>>>> enforcing and can boot without loading a policy that's a
>>>>> bug and needs to be filed.
>>>>
>>>> He has loaded the policy.
>>>>
>>>> The point is that when init does not transition to init_t
>>>> nothing happens and the system keeps running with all
>>>> processes in kernel_t or insmod_t.
>>>>
>>>> It surely used to happen with upstream components and policy
>>>> back at the beginning of this year (I did test that and
>>>> reported it to the refpolicy mailing list).
>>>>
>>>> Apparently it also happens with Fedora 15 according to what
>>>> Justin reported on here when he started this thread...
>>>>
>>>> Earlier on Daniel Walsh said Fedora and RHEL would crash in
>>>> such case (init has not transitioned properly to init_t).
>>>
>>> Ahhh, different than I was talking sorry. In upstream systemd
>>> git the code in question looks like so:
>>>
>>>         /* Transition to the new context */
>>>         r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
>>>         if (r < 0 || label == NULL) {
>>>                 log_open();
>>>                 log_error("Failed to compute init label, ignoring.");
>>>         } else {
>>>                 r = setcon(label);
>>>
>>>                 log_open();
>>>                 if (r < 0)
>>>                         log_error("Failed to transition into init label '%s', ignoring.", label);
>>>
>>>                 label_free(label);
>>>         }
>>>
>>> sds, what do you think, should we make these? We do know the
>>> requisite enforce state in this function...
>>
>> These should be fatal errors if enforcing.
>
> Yes, I agree. Fatal errors and system halt.
>
> This is especially true because the box might not be isolated from
> the outside world for network services might be up and running in
> wrong contexts.
>
> Thanks.
>
> Guido
>
> --
> This message was distributed to subscribers of the selinux
> mailing list. If you no longer wish to subscribe, send mail to
> majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux"
> without quotes as the message.

Please open a bugzilla, always better coming from outside of Red Hat
and CC eric and me.
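
The behaviour agreed on in the thread above (failure to compute or enter the init label is fatal when enforcing, logged and ignored when permissive), as an added example that is not systemd's code and not written by anyone in the thread. The names `label_ops`, `transition_to_init_label`, `simulate` and the stub functions are hypothetical, the label string is constructed, and the SELinux calls are stubbed so the logic runs without libselinux.

```c
#include <stdio.h>

/* Hypothetical seam: a real init would wrap its label lookup and libselinux
 * setcon() here; stubbed so the example runs without SELinux. */
struct label_ops {
    int (*compute_label)(const char **label); /* < 0 on failure */
    int (*set_context)(const char *label);    /* < 0 on failure */
};
enum init_action { INIT_CONTINUE, INIT_HALT };

/* enforcing: enforce state already known after policy load (1 or 0). */
enum init_action transition_to_init_label(const struct label_ops *ops, int enforcing)
{
    const char *label = NULL, *what = NULL;

    if (ops->compute_label(&label) < 0 || label == NULL)
        what = "compute init label";
    else if (ops->set_context(label) < 0)
        what = "transition into init label";
    if (what == NULL)
        return INIT_CONTINUE; /* now running in the init context */

    /* Permissive keeps the old log-and-ignore behaviour; enforcing must not
     * go on to start services in the wrong context, so the caller halts. */
    fprintf(stderr, "Failed to %s, %s.\n", what, enforcing ? "halting" : "ignoring");
    return enforcing ? INIT_HALT : INIT_CONTINUE;
}

/* Constructed stubs simulating success and failure of each step. */
static int label_ok(const char **l)   { *l = "system_u:system_r:init_t:s0"; return 0; }
static int label_fail(const char **l) { *l = NULL; return -1; }
static int setcon_ok(const char *l)   { (void)l; return 0; }
static int setcon_fail(const char *l) { (void)l; return -1; }

/* One simulated boot: which steps succeed, and the enforce state. */
enum init_action simulate(int label_works, int setcon_works, int enforcing)
{
    struct label_ops ops = { label_works ? label_ok : label_fail,
                             setcon_works ? setcon_ok : setcon_fail };
    return transition_to_init_label(&ops, enforcing);
}

int main(void)
{
    printf("enforcing, setcon fails:  %s\n", simulate(1, 0, 1) == INIT_HALT ? "halt" : "continue");
    printf("permissive, setcon fails: %s\n", simulate(1, 0, 0) == INIT_HALT ? "halt" : "continue");
    return 0;
}
```

A caller that receives `INIT_HALT` stops before starting any service, so nothing comes up in `kernel_t` or `insmod_t` on an enforcing system.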