[ubuntu-hardened] SELinux support in upstart

Scott James Remnant scott at ubuntu.com
Sun Mar 18 22:19:54 GMT 2007

On Sun, 2007-03-18 at 12:54 -0400, Stephen Carpenter, KSC wrote:

> On Sun, Mar 18, 2007 at 02:59:33PM +0000, Paul Sladen wrote:
> > On Sun, 18 Mar 2007, Chad Sellers wrote:
> > > On Mar 18, 2007, at 12:44 AM, Scott James Remnant wrote:
> > > > On Sun, 2007-03-18 at 03:39 +0000, Paul Sladen wrote:
> > > > For example, could the policy be loaded in the initramfs
> > > if the initrd is going to load the policy then the initrd has to have
> > > the policy. So, you have to rebuild the initrd repeatedly.
> > 
> > and once this 'initramfs' is rebuilt, then the 'selinux' loader file will be
> > executed on next boot.  As the root-filesystem is now available, the loader
> > can find the policy files there ('/etc/security/*'?). This is still before
> > 'init' ('upstart') has been handed control.
> heh you mean second init? I believe from the kernel's perspective, init
> started right after it loaded the initramfs :) or does control get
> passed back? I thought the initramfs handled the whole mounting and
> control passing.
The kernel thinks the initramfs one is init, so that has to exec the
real one through a syscall that wipes out the initramfs and changes the
root filesystem.

Of course, one could always use Upstart in the initramfs as /sbin/init,
instead of trying to make some kind of event-based or dependency system
with shell like yaird or initramfs-tools.  You'd have to switch over and
exec the /sbin/init in the real filesystem, but Upstart can transfer its
state to that new process -- so "stop usplash" would actually work in
the real filesystem despite it being started in the initramfs.

Scott James Remnant
Ubuntu Development Manager
scott at ubuntu.com