[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: tmpfs /dev

From: Russell Coker <russell coker com au>
To: Bill Nottingham <notting redhat com>
Cc: Development discussions related to Fedora Core <fedora-devel-list redhat com>, Daniel J Walsh <dwalsh redhat com>, "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>, SE Linux <selinux tycho nsa gov>
Subject: Re: tmpfs /dev
Date: Sat, 11 Sep 2004 16:43:54 +1000

On Sat, 11 Sep 2004 02:30, Bill Nottingham <notting redhat com> wrote:
> Russell Coker (russell coker com au) said:
> > On Fri, 10 Sep 2004 06:19, Daniel J Walsh <dwalsh redhat com> wrote:
> > > You will need to talk to Bill Nottingham about modifying /sbin/init to
> > > do this.  They are not crazy about
> > > putting additional code into /sbin/init since it is very hard to debug.
> >
> > We've done it once, we can do it again.
>
> But why is init any better? Especially when it's just spawning a
> shell script - that's a hack.

Spawning a shell script is good for a test.  If we decide to run it from init 
then we can do it differently in the release version of the code.

> > > They prefer rc.sysinit.  They also do not
> >
> > rc.sysinit means changing the policy for init_t, initrc_t, and maybe
> > others.
>
> init runs in init_t, surely?

init runs in init_t AFTER it re-exec's itself.  At the time it is doing the SE 
Linux stuff it's running as kernel_t or running on a system with no policy 
loaded.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

References:
- tmpfs /dev
  - From: Russell Coker
- Re: tmpfs /dev
  - From: Russell Coker
- Re: tmpfs /dev
  - From: Bill Nottingham

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]