Starting daemons is done in the simple_execute plugin, that is where all exec executes are run. Use a sh for all programs if initng is compiled with selinux support, better overhead than no support.
I am working on bash_parser, it's a completely new syntax and behavior for running service daemons, check my example scripts: http://svn.initng.org/init-scripts/ and tell me what you think.

/Jimmy

On Tue, 2006-06-06 at 12:20 +0200, dragoran wrote:
> Jimmy Wennlund wrote:
> > Tue 2006-06-06 at 11:38 +0200, dragoran wrote:
> >
> >> Hello
> >> I am still working on the selinux stuff (does not work as expected yet).
> >> Please look at this bug report:
> >> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179761
> >> (the last few comments).
> >>
> >
> > I'm pretty busy at the moment
> >
> >
> ok no problem I am now busy too ;)
> had one free week and wanted to code something
> >> 1.) having initng as a plugin does not seem to be a good idea, because
> >> it must be started before initng opens any fd.
> >> after boot initng runs as kernel_t then the selinux code loads the
> >> policy and restarts initng by calling /sbin/initng.
> >> then initng becomes init_t but the problem is that the fds are still
> >> kernel_t which the policy does not allow access to processes like
> >> mount, etc.
> >> so loading the policy should be the first thing initng does (then it
> >> restarts itself and can do its tasks).
> >> ->the selinux init code needs to be moved out of the plugin and added to
> >> the main function (inside ifdefs)
> >>
> > Okay, you are free to put the code back in.
> >
> >
> ok will do that
> >> 2.) initng seems to execute daemons directly; the check if it is a script
> >> or not does not work. the solution would be to start all daemons using sh
> >> -c /sbin/udevd (for example)
> >> is this possible somehow? I don't think that it would add any noticeable
> >> overhead.
> >> can a plugin (via hook) change the exec daemon value?
> >> the selinux plugin only has to replace it by sh -c "oldexecstr"
> >>
> >>
> > That is a little too much overhead, is it not better to see if the script
> > has a context set, and if not set one?
> >
> >
> this won't work because init is only allowed to directly trans to
> initrc_t (sh is autotransed to the service's domain)
> if using sh is too much overhead would it be less overhead to have a
> simple helper app that does this?
> other question:
> where is the code that starts the daemons? (those that are noted exec
> daemon= ... in the ifiles)
> >
> > Sorry for not being available much, I work a lot, every free time I get
> > I try to make some small coding..
> >
> >
> ok no problem at all
> > /Jimmy
> >
> >
>

--
_______________________________________________
Initng mailing list
[email protected]
http://jw.dyndns.org/mailman/listinfo/initng
