[Pkg-sysvinit-devel] Bug#626725: Bug#626725: initscripts: Needs to set SELinux labels for /run
Henrique de Moraes Holschuh
hmh at debian.org
Sun May 15 14:47:46 UTC 2011
On Sat, 14 May 2011, Martin Orr wrote:
> Directories and symlinks created as part of the /run transition are not
> labelled for SELinux. The effect is that most services fail to start on
> boot after transitioning to /run.
>
> You need to run restorecon after creating a directory or symbolic link
> in an init script or maintainer script. Attached patch does this.
>
> /run with SELinux also requires the refpolicy patch I have submitted in
> #626720. Once that is fixed, initscripts should probably have
> Breaks: selinux-policy-default (<< $FIXEDVERSION)
Don't we also need tmpfs with support for security attributes, for it to
work (i.e. for labels to work inside /run)? Does squeeze 2.6.32 support
such labelling?
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
More information about the Pkg-sysvinit-devel
mailing list