Hello,
Since the fedora-extras review for initng started, work has started to 
add selinux support for initng. I started by porting the sysvinit 
patches to initng. This made it possible for selinux to load its policy 
at all.
But then we run into another problem:
The selinux policy does not allow initng to do what it should do (=> 
does not work in enforcing mode).
This is what's still missing until today.
There is a bug report in Red Hat's bugzilla about this issue:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179761
One of the problems is that there are some fd leaks in initng.
When a daemon or a script gets started in its own selinux domain it 
picks up one of the still open fds but they are not in its domain which 
causes problems (not allowed to use them; does not work correctly).
I have no idea how to fix this, that's why I am asking here...
Any ideas how to get rid of the fd leaks issue?
When this is solved we can see what avs are remaining and if they are 
fixable inside initng or not. If not we can modify the policy to work 
with this.
-- 
_______________________________________________
Initng mailing list
[email protected]
http://jw.dyndns.org/mailman/listinfo/initng
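
A common way to keep descriptors opened by an init-style daemon out of the services it starts is to mark them close-on-exec, so the kernel closes them when the child calls exec. The C code below is an added example, not part of the original message and not initng code; it assumes Linux with /proc mounted, and the function names are hypothetical.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Visit every open descriptor >= lowest listed in /proc/self/fd (Linux).
 * If mark is nonzero, set FD_CLOEXEC so the descriptor is closed on exec.
 * Returns how many descriptors were still inheritable when visited,
 * or -1 if /proc/self/fd cannot be read. */
static int scan_fds(int lowest, int mark)
{
    DIR *dir = opendir("/proc/self/fd");
    struct dirent *ent;
    int inheritable = 0;
    if (dir == NULL)
        return -1;
    while ((ent = readdir(dir)) != NULL) {
        char *end;
        long fd = strtol(ent->d_name, &end, 10);
        int flags;
        if (end == ent->d_name || *end != '\0')
            continue;           /* "." and ".." */
        if (fd < lowest)
            continue;           /* e.g. keep stdio when lowest is 3 */
        flags = fcntl((int)fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;           /* gone, or already close-on-exec (glibc
                                   opens the scan's own handle that way) */
        inheritable++;
        if (mark && fcntl((int)fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            perror("fcntl(F_SETFD)");
    }
    closedir(dir);
    return inheritable;
}

/* Audit: descriptors a child started with exec would inherit. */
int count_inheritable(int lowest) { return scan_fds(lowest, 0); }

/* Fix-up: mark them close-on-exec; returns how many were inheritable. */
int mark_cloexec_from(int lowest) { return scan_fds(lowest, 1); }

int main(void)
{
    int p[2];
    if (pipe(p) == -1) return 1;    /* constructed leak: two plain fds */
    int before = count_inheritable(3), marked = mark_cloexec_from(3);
    printf("inheritable %d, marked %d, left %d\n",
           before, marked, count_inheritable(3));
    return 0;
}
```

Descriptors that a child is meant to receive must be set up again after fork and before exec, since dup2() creates its target without FD_CLOEXEC.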