On Tue, Aug 25 2009, Michael Biebl wrote:

> Manoj Srivastava wrote:
>> On Tue, Aug 25 2009, Michael Biebl wrote:
>> 
>> 
>>> first of all, thanks for the patches and interest you've shown so far.
>> 
>>> As maintainer of upstart I currently prefer the initramfs solution given the
>>> following arguments:
>> 
>>> - selinux is only used by a very low percentage of our users
>> 
>>         But it is enabled in compiled in by default in mainstream
>>  Debian, and if upstart wants to get into Debian, perhaps it should
>>  follow Debian conventions
>
> upstart is already in Debian, fwiw.  What we are talking about here,
> is how to add support for running /sbin/init under selinux.

        /sbin/init from the more popular package sysvinit has a small
 patch that gives it this functionality, and does not depend on the
 user running initramfs, which many do not.

>
> There is no such thing as a "Debian convention" that this has to be done by
> patching init.

        So, find a solution that does not require mandating initramfs,
 and I'll be happy to lend a hand.

>>> - linking against selinux means the list of dependencies increases, which
>>> increases the potential for failures. I try to keep the dependencies
>>> as minimal as possible.
>> 
>>         Adding a dependency on an initramfs is then a fail. None of my
>>  non-laptop machines use an initramfs, and so upstart can't be used

> Upstart can very well be used without an initramfs.

        Good. Now if you can demonstrate how it can also support
 SELinux, as the rest of Debian core infrastructure does, while keeping
 it so, we will h

>>> - I don't see a good reason to patch each and every /sbin/init if we
>>>   can just add support in one place, i.e. the initramfs
>> 
>>         Because initramfs is not universal, and should not be made a
>>  requirement to run Debian.
>
> Well, what you ask me about, is to make libselinux a requirement and
> enforce that to upstart. See?  What I try to explore is if there are
> better alternatives, and the initramfs solution looks like a simpler
> and easier to maintain solution to me.

        Well, libselinux is linked into sysvinit, dpkg, coreutils, and
 is in the upstream of findutils. It will exist on every Debian
 installation, and is likely to be loaded into the memory as
 well. Sounds like not a very onerous requirement to me.

>>         Upstream SELinux people have said no such thing. Indeed,
>>  upstream init has SELinux patches in mainline now.
>
> No, upstream init has no selinux support. You are wrong here.

sysvinit (2.87dsf-1) unstable; urgency=low
  * New upstream release.
    - Drop patch 40_selinux now included upstream.
 -- Petter Reinholdtsen <[email protected]>  Sat, 25 Jul 2009 16:44:55 +0200


        Care to look again?

>> 
>>> -  given that upstream is not going to include the selinux patch in
>>>    upstart (as it currently stands), I'd have to carry the patch
>>>    forever. Not something I'm very fond of.
>> 
>>         It is not a big patch, and has not had many issues in init
>>  before it went mainstream.

> An upstart selinux patch has never gone upstream.


        Did I say upstart? I said init, and I meant system V init from
 UNIX, in Linux as sysvinit. SELinux patch applied in 2005, included in
 upstream in 2009.

        So, four years with no issues as a patch in Debian, and now in
 upstream sysvinit.  Not sure this is an issue, really.

> P.S: Manoj, I know your kind of argumentation style, so I'll just stop here,
> because I don't want to engage in endless, pointless discussions.

        What, you scared of fact based arguments?

        manoj
-- 
Murphy's Law is recursive.  Washing your car to make it rain doesn't
work.
Manoj Srivastava <[email protected]> <http://www.debian.org/~srivasta/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
