Re: for bootsplash to operate correctly...

[Luke Kenneth Casson Leighton <lkcl@lkcl.net>]

On Wed, Sep 08, 2004 at 11:01:11PM -0400, Chris PeBenito wrote:
> On Wed, 2004-09-08 at 18:41, Luke Kenneth Casson Leighton wrote:
> > ... i hacked in the three following permissions:
> > 
> > # this is to allow splash to write to /proc/splash
> > allow initrc_t proc_t:file { write };
> 
> > # this is for fbmngplay to do err... *clueless*
> > allow initrc_t self:capability { sys_admin };
> > 
> > i look forward to one day writing a policy for the bootsplash
> > package :)
> > 
> 
> I threw together a bootsplash policy several months ago to get the
> Gentoo LiveCD going.  I always forget about it since I only use
> bootsplash on the LiveCD.  I didn't encounter that sys_admin capability
> that you have, but it might be a result of the bootsplash setings.  We
> probably should label /proc/splash differently, now that I think about
> it.
 
 fbmngplay is the "animations" program.

 [change of topic]

 i had to disable that for other reasons: because it is running,
 it seems to lock out the /usr partition.  because of that,
 umount at shutdown actually remounts it as read-only.  because
 of _that_, stupid-debian-selinux can't stupid-remount the
 stupid-/usr partition and you end up with an unusable system.

 if i disable selinux before one of these boots (permissive) then
 it boots up fine.

 l.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.