[RFC PATCH] use sulogin in single-user mode
Chris Adams
cmadams at hiwaay.net
Tue Feb 2 15:13:00 UTC 2010
Once upon a time, Bill Nottingham <notting at redhat.com> said:
> We have an existing bug where if you're in single-user mode, and
> SELinux is active, various commands don't print to the console.
> The root of this is the single-user shell isn't running in the
> right SELinux context, as there's nothing to distinguish this from
> the 'normal' shells run during bootup.
>
> By far, the simplest fix is to run something that starts a shell
> via a 'normal' login-ish mechanism. Hence, the attached patch
> that switches to sulogin for single user mode.
One other note about this: this would break with a separate /usr and a
failure in mounting /usr, because (at least in F12) /sbin/sulogin is
linked against libfreebl3.so (which is in /usr/lib{,64}). It looks like
libfreebl3.so was moved from /lib{,64} in F11 to /usr/lib{,64} in F12,
but the changelog doesn't say why.
This is already a problem, because an fsck failure tries to start
sulogin (and if the fsck failure is on /usr, you're hosed).
I'd still prefer this to be configurable according to local policy (e.g.
use a /sbin/single-user-shell program that can try sulogin, /bin/bash,
/bin/dash, etc., possibly according to something in /etc/sysconfig).
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the devel
mailing list