From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Thomas Hood <jdthood@aglu.demon.nl>
Cc: 258725@bugs.debian.org,
"Alexander E. Patrakov" <patrakov@ums.usu.ru>,
SE-Linux <selinux@tycho.nsa.gov>
Subject: Re: Bug#258725: Location of net.agent
Date: Mon, 12 Jul 2004 09:33:09 +0100 [thread overview]
Message-ID: <20040712083309.GU4677@lkcl.net> (raw)
In-Reply-To: <1089615747.2520.213.camel@localhost.localdomain>
On Mon, Jul 12, 2004 at 09:02:27AM +0200, Thomas Hood wrote:
> The reason for using net.agent is precisely to delay the processing
> of hotplug network-interface events until such time as the system is
> ready to bring up network interfaces.
ah ha :)
> We don't want to switch off the hotplug system prior to this because
> then we would miss the events.
switch off?
surely you mean switch on?
> Is it really the case that it would be preferable, for SELinux reasons,
> to put net.agent into a subdirectory of /etc/hotplug/ ?
the alternative is to make a special case for every single
file that could possibly, now and in the future, write into
the directory /etc/hotplug. as you might imagine, that gets
quite messy quite quickly.
by recommending a subdirectory, it is possible to do the
selinux-equivalent of setgid, such that any file in that
subdirectory will be made writeable to the hotplug scripts.
(and incidentally, not by anything else _other_ than the hotplug
scripts, but that's another story)
it would also then be possible for distributions that guarantee
the existence of /var on a local filesystem that will have
been mounted by /etc/init.d/mountall.sh, to symlink /etc/hotplug/run
to /var/run/hotplug.
or /etc/hotplug/state to /var/state/hotplug.
whichever people who have more experience of FHS than i deem to be
more appropriate.
l.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next parent reply other threads:[~2004-07-12 8:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20040711145538.GA15954@wonderland.linux.it>
[not found] ` <1089615747.2520.213.camel@localhost.localdomain>
2004-07-12 8:33 ` Luke Kenneth Casson Leighton [this message]
2004-07-12 11:16 ` Bug#258725: Location of net.agent Russell Coker
2004-07-12 19:44 ` Luke Kenneth Casson Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040712083309.GU4677@lkcl.net \
--to=lkcl@lkcl.net \
--cc=258725@bugs.debian.org \
--cc=jdthood@aglu.demon.nl \
--cc=patrakov@ums.usu.ru \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.