[ubuntu-hardened] SELinux support in upstart
Chad Sellers
chad at thesellers.net
Sun Mar 18 03:23:54 GMT 2007
On Mar 17, 2007, at 11:15 PM, Paul Sladen wrote:
> On Sat, 17 Mar 2007, Chad Sellers wrote:
>
> Scott,
>
> Perhaps you're able to answer this.
>
>> I just checked out the status of SELinux in Ubuntu for the first time
>> in a while by looking at Feisty Herd 5. It looks like much of the
>> userspace tool support is present, as much of this is pulled from
>> Debian etch. The one big hole remaining seems to be SELinux support
>> in upstart. I realize you can switch back to sysvinit to get SELinux
>> support, but that's clearly not desirable in the long term. Have you
>> guys looked at adding SELinux support to upstart? Do you think this
>> would be well received upstream?
>
> Chad: perhaps you could outline what support needs adding.
I meant support for loading policy, similar to what sysvinit already
does. SELinux policy needs to be loaded very early in the boot
process in order to get processes into the correct contexts .
sysvinit already does this, but Ubuntu switched away from sysvinit
and created a new boot system - upstart. upstart doesn't load the
policy on boot. I'm talking about adding support to upstart to load
the policy early on in the boot process.
Let me know if you'd like more detail.
Thanks,
Chad Sellers
More information about the ubuntu-hardened
mailing list