Hello,

I am still working on the selinux stuff (it does not work as expected yet). Please look at this bug report: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179761 (the last few comments).

1.) Having initng as a plugin does not seem to be a good idea, because it must be started before initng opens any fd. After boot, initng runs as kernel_t; then the selinux code loads the policy and restarts initng by calling /sbin/initng. Then initng becomes init_t, but the problem is that the fds are still kernel_t, which the policy does not allow processes like mount, etc. to access. So loading the policy should be the first thing initng does (then it restarts itself and can do its tasks).
-> The selinux init code needs to be moved out of the plugin and added to the main function (inside ifdefs).

2.) initng seems to execute daemons directly; the check if it is a script or not does not work. The solution would be to start all daemons using sh -c /sbin/udevd (for example). Is this possible somehow? I don't think that it would add any noticeable overhead. Can a plugin (via hook) change the exec daemon value? The selinux plugin only has to replace it by sh -c "oldexecstr".
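The ordering asked for in point 1, as an added example that is not part of the original message and is not initng code: refuse to re-exec if any descriptor above stderr would survive the exec, load the policy, then re-exec once. `policy_then_reexec`, `REEXEC_MARK` and the `load_policy` callback are hypothetical names; a real init would pass a callback wrapping the libselinux policy loader, and leaving fds 0-2 out of the scan is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 1024              /* assumption: early init holds few fds */
#define REEXEC_MARK "INIT_POLICY_DONE"  /* hypothetical loop guard, not an initng name */

/* Count descriptors above stderr that are open and lack FD_CLOEXEC:
 * these would cross the exec and keep the label they were opened with. */
int fds_surviving_exec(void)
{
    int n = 0;
    for (int fd = 3; fd < FD_SCAN_LIMIT; fd++) {
        int flags = fcntl(fd, F_GETFD);  /* no /proc needed this early in boot */
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Meant to be the first call in main(). load_policy returns 0 on success.
 * Returns 0 to continue normal startup, -1 on refusal or failure;
 * does not return when the re-exec succeeds. */
int policy_then_reexec(char *const argv[], int (*load_policy)(void))
{
    if (getenv(REEXEC_MARK))
        return 0;                       /* second pass: already re-executed */
    if (fds_surviving_exec() > 0) {
        errno = EBUSY;                  /* something opened an fd too early */
        return -1;
    }
    if (load_policy() != 0)
        return -1;
    if (setenv(REEXEC_MARK, "1", 1) != 0)
        return -1;
    execv(argv[0], argv);               /* the domain transition happens on this exec */
    return -1;                          /* only reached if execv failed */
}

/* Stand-in loader so the block runs without SELinux; it loads nothing. */
int demo_load_policy(void) { return 0; }

int main(int argc, char *argv[])
{
    (void)argc;
    return policy_then_reexec(argv, demo_load_policy) == 0 ? 0 : 1;
}
```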
