[ubuntu-hardened] SELinux support in upstart

Scott James Remnant scott at ubuntu.com
Sun Mar 18 04:44:00 GMT 2007


On Sun, 2007-03-18 at 03:39 +0000, Paul Sladen wrote:

> On Sat, 17 Mar 2007, Chad Sellers wrote:
> > On Mar 17, 2007, at 11:15 PM, Paul Sladen wrote:
> > > On Sat, 17 Mar 2007, Chad Sellers wrote:
> > > > I just checked out the status of SELinux in Ubuntu for the first time
> > > > in a while by looking at Feisty Herd 5.
> > > Chad: perhaps you could outline what support needs adding.
> > I meant support for loading policy, similar to what sysvinit already does.
> > SELinux policy needs to be loaded very early in the boot process
> 
> Currently upstart is being used in compatibility mode where it simply runs
> the existing 'sysvinit' startup scripts, so it's likely that this still
> works as expected (this would be a useful experiment to test if you have a
> working setup).
> 
Actually the code to load the policy in sysvinit was coded directly into
the init daemon (badly), so upstart simply doesn't support it.

Andrew Mitchell was working on patches for upstart, but they never saw
the light of day.

I'd like to see SELinux supported by it, as long as it's done properly
and not just hacked in any old way.

For example, could the policy be loaded in the initramfs rather than by
init?

Scott
-- 
Scott James Remnant
Ubuntu Development Manager
scott at ubuntu.com