[RFC PATCH] use sulogin in single-user mode
Dominik 'Rathann' Mierzejewski
dominik at greysector.net
Thu Jan 21 17:47:38 UTC 2010
On Thursday, 21 January 2010 at 18:21, Bill Nottingham wrote:
> We have an existing bug where if you're in single-user mode, and
> SELinux is active, various commands don't print to the console.
> The root of this is the single-user shell isn't running in the
> right SELinux context, as there's nothing to distinguish this from
> the 'normal' shells run during bootup.
>
> By far, the simplest fix is to run something that starts a shell
> via a 'normal' login-ish mechanism. Hence, the attached patch
> that switches to sulogin for single user mode.
>
> However, this changes behavior that has existed since the dawn
> of time in Red Hat/Fedora systems; with this change, single-user
> mode would now require the root password. This is both when
> booting with 'linux single/linux S', or going to runlevel 1
> with 'telinit 1'.
>
> Comments?
Well, I understand the problem that this patch is addressing.
However, the ability to get root shell on runlevel 1 without
root password has always been a time saver when you forgot it
or couldn't contact the previous admin. It saved me from:
* booting from a livecd (assuming it had a cd drive)
* booting from PXE (assuming it had a PXE-capable eth)
* taking out the root drive and mounting it in a different
machine
So yeah, I'm slightly opposed to this change.
Regards,
R.
--
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"
More information about the devel
mailing list