Ismael Luceno wrote:
> dragoran escribió:
>> Hello,
>> Since the fedora-extras review for initng started work has started to
>> add selinux support for initng. I started by porting the sysvinit
>> patches to initng. This made it possible that selinux loads its
>> policy at all.
>> But then we run into an other problem:
>> The selinux policy does not allow initng to do what it should do (=>
>> does not work in enforcing mode).
>> This is whats still missing until today.
>> There is a bugreport in redhats bugzilla about this issue:
>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179761
>> One of the problems is that there are some fd leaks in initng.
>> When a daemon or a script gets started in its own selinux domain it
>> picks up one of the still open fds but they are not in its domain
>> which causes problems (not allowed to use them; does not work
>> correctly).
>> I have no idea how to fix this thats why I am asking here...
>> Any ideas how to get rid of the fd leaks issue?
>> When this is solved we can see what avs are remaining and if they are
>> fixable inside initng or not. If not we can modificy the policy to
>> work with this.
>
> The attached patch _may_ fix the fd-leaking issue.
> But be careful, it's untested.
>
thx for the patch.
I have used current-svn + your patch, ifiles 0.1.0 but initng fails to
find the default runlevel (no boot).
I tryed passing runlevel:runlevel/default to initng but no success. any
idea whats wrong?
--
_______________________________________________
Initng mailing list
[email protected]
http://jw.dyndns.org/mailman/listinfo/initng
