[Initng] selinux support in initng
Ismael Luceno
ismael.luceno at gmail.com
Thu Mar 1 04:45:39 CET 2007
dragoran escribió:
> Hello,
> Since the fedora-extras review for initng started work has started to
> add selinux support for initng. I started by porting the sysvinit
> patches to initng. This made it possible that selinux loads its policy
> at all.
> But then we run into an other problem:
> The selinux policy does not allow initng to do what it should do (=>
> does not work in enforcing mode).
> This is whats still missing until today.
> There is a bugreport in redhats bugzilla about this issue:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179761
> One of the problems is that there are some fd leaks in initng.
> When a daemon or a script gets started in its own selinux domain it
> picks up one of the still open fds but they are not in its domain which
> causes problems (not allowed to use them; does not work correctly).
> I have no idea how to fix this thats why I am asking here...
> Any ideas how to get rid of the fd leaks issue?
> When this is solved we can see what avs are remaining and if they are
> fixable inside initng or not. If not we can modificy the policy to work
> with this.
I've opened a ticket for this bug: http://www.initng.org/ticket/753
There's the close-on-exec patch too 8-).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://jw.dyndns.org/pipermail/initng/attachments/20070301/64184611/attachment.pgp
More information about the Initng
mailing list