[RFC PATCH] use sulogin in single-user mode

Chris Adams cmadams at hiwaay.net
Fri Jan 22 17:40:44 UTC 2010


Once upon a time, Bill Nottingham <notting at redhat.com> said:
> Jon Ciesla (limb at jcomserv.net) said: 
> > My thoughts exactly.  What are the less simple fixes that don't change 
> > this behaviour?
> 
> Essentially, introducing new scripts solely for this purpose that can
> be given a special label and some policy. It's a hack.

It seems that some prefer bash (dash would probably be better as a
lighter-weight and less-dependencies shell) and some prefer sulogin
(which I think should be "sulogin -e", but that may just be me), and
that this should be called from multiple places (single-user mode, fsck
failures).

It may seem like a hack, but it would seem to me that an external script
or program would be the right way to go, to allow people to change it
according to local policy.  On a desktop system (where it seems the goal
is to eliminate the all-powerful "root"), the password may be unknown or
not even set, so requiring the root password would be a bad idea.  Some
server setups may require a password in every case (including failure
modes).

If it is done with an external script/program, rc.sysinit should be
changed as well (and since this should handle SELinux correctly, the
disabling/enabling of SELinux could be removed).

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
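
An added example, not code from this thread or from initscripts: a sketch of the external helper the message above argues for, which picks the single-user/fsck-failure command from local policy. The policy file path, the `MODE` key and its `password`/`shell`/`auto` values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not code from the thread or from initscripts.
# The policy file path, the MODE key and its values are assumptions.
POLICY_FILE="${POLICY_FILE:-/etc/sysconfig/emergency-shell}"  # hypothetical path

# Print the last value assigned to key $2 in KEY=value file $1.
# Commented-out lines do not match; an unreadable file returns 1.
policy_get() {
    [ -r "$1" ] || return 1
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 if root's entry in shadow-format file $1 holds a usable hash.
# An empty field, or one starting with "!" or "*" (locked or never set,
# e.g. "!!"), counts as "no password an operator could type".
# An unreadable file counts as "has a password", so the caller still
# authenticates instead of opening a shell.
root_has_password() {
    [ -r "$1" ] || return 0
    pw=$(awk -F: '$1 == "root" { print $2; exit }' "$1" 2>/dev/null) || pw=''
    case "$pw" in
        ''|'!'*|'*'*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the command to run for single-user mode or an fsck failure.
#   MODE=password  always authenticate with sulogin (also the default)
#   MODE=shell     plain root shell, no password
#   MODE=auto      sulogin only when root actually has a password
# A missing file or an unrecognised MODE falls back to sulogin, so a typo
# in the policy never silently opens an unauthenticated root shell.
emergency_command() {
    mode=$(policy_get "$1" MODE) || mode=''
    case "$mode" in
        shell) echo "/bin/sh" ;;
        auto)
            if root_has_password "$2"; then
                echo "sulogin -e"
            else
                echo "/bin/sh"
            fi ;;
        *) echo "sulogin -e" ;;
    esac
}

# A caller such as rc.sysinit would then run:
#   exec $(emergency_command "$POLICY_FILE" /etc/shadow)
```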

