On Thursday, 21 January 2010 at 18:21, Bill Nottingham wrote:
We have an existing bug where if you're in single-user mode, and SELinux is active, various commands don't print to the console. The root of this is the single-user shell isn't running in the right SELinux context, as there's nothing to distinguish this from the 'normal' shells run during bootup.
By far, the simplest fix is to run something that starts a shell via a 'normal' login-ish mechanism. Hence, the attached patch that switches to sulogin for single user mode.
However, this changes behavior that has existed since the dawn of time in Red Hat/Fedora systems; with this change, single-user mode would now require the root password. This is both when booting with 'linux single/linux S', or going to runlevel 1 with 'telinit 1'.
Comments?
Well, I understand the problem that this patch is addressing. However, the ability to get root shell on runlevel 1 without root password has always been a time saver when you forgot it or couldn't contact the previous admin. It saved me from: * booting from a livecd (assuming it had a cd drive) * booting from PXE (assuming it had a PXE-capable eth) * taking out the root drive and mounting it in a different machine
So yeah, I'm slightly opposed to this change.
Regards, R.