Stephen Smalley wrote:

>On Tue, 2003-10-21 at 10:43, Russell Coker wrote:
>
>>The results I have so far indicate that this approach has significant
>>problems.
>>
>>Diverting /sbin/init with a shell script works better than this.
>
>Ok, thanks for looking into it. So what exactly is the problem with
>diverting /sbin/init again?

I still believe that the patch to /sbin/init is simple enough that all the rest of this stuff is complicating matters. It allows too many ways for someone to make a modification that breaks security.

I have updated the files on people.redhat.com/dwalsh to use the modified init. I have passed this by Bill Nottingham (Red Hat maintainer) and he is ok with it. Of course if someone comes up with a simpler solution we would look at it.

Dan