Archives
Archives
| From: | Luis Ressel <aranea@×××××.de> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] Running rc-service without run_init | ||
| Date: | Sat, 25 Jan 2014 19:48:31 | ||
| Message-Id: | 20140125204825.0ca8136d@gentp.lnet | ||
| In Reply to: | Re: [gentoo-hardened] Running rc-service without run_init by Sven Vermeulen |
||
| 1 | This patch makes run_init unneccessary for "normal" init scripts (those |
| 2 | labeled initrc_exec_t). However, it's still neccessary for scripts with |
| 3 | custom types, such as iptables. |
| 4 | |
| 5 | Looking at the openrc code clearly shows that rc-service doesn't make |
| 6 | any attempt to transition to the correct domain (initrc_t) beforce |
| 7 | execv()'ing the script. |
| 8 | |
| 9 | Are there any plans to change this? |
| 10 | |
| 11 | |
| 12 | Regards, |
| 13 | Luis |
| 14 | |
| 15 | |
| 16 | -- |
| 17 | Luis Ressel <aranea@×××××.de> |
| 18 | GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] Running rc-service without run_init | Sven Vermeulen <sven.vermeulen@××××××.be> |