[PATCH] sysvinit-inittab: Move start_getty scrip to base

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [PATCH] sysvinit-inittab: Move start_getty scrip to base_bindir.
@ 2016-02-20 17:55 Philip Tricca
  2016-02-28  2:33 ` Philip Tricca
  0 siblings, 1 reply; 2+ messages in thread
From: Philip Tricca @ 2016-02-20 17:55 UTC (permalink / raw)
  To: openembedded-core

When this file is in ${sysconfdir}/init.d, SELinux labels it as a generic
init script (initrc_t). This causes problms at runtime because SELinux
doesn't let the login process execute generic init script. Moving this
helper script to base_bindir results in it being labeled as a generic
binary (bin_t). Nearly every SELinux domain is allowed to execute
generic binaries and the login process is one of them.

Signed-off-by: Philip Tricca <flihp@twobit.us>
---
 meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
index f539da8..c5b8cdc 100644
--- a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
+++ b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
@@ -17,9 +17,9 @@ do_compile() {
 
 do_install() {
     install -d ${D}${sysconfdir}
-    install -d ${D}${sysconfdir}/init.d
     install -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
-    install -m 0755 ${WORKDIR}/start_getty ${D}${sysconfdir}/init.d/start_getty
+    install -d ${D}${base_bindir}
+    install -m 0755 ${WORKDIR}/start_getty ${D}${base_bindir}/start_getty
 
     set -x
     tmp="${SERIAL_CONSOLES}"
@@ -27,7 +27,7 @@ do_install() {
     do
 	j=`echo ${i} | sed s/\;/\ /g`
 	label=`echo ${i} | sed -e 's/tty//' -e 's/^.*;//' -e 's/;.*//'`
-	echo "$label:12345:respawn:${sysconfdir}/init.d/start_getty ${j}" >> ${D}${sysconfdir}/inittab
+	echo "$label:12345:respawn:${base_bindir}/start_getty ${j}" >> ${D}${sysconfdir}/inittab
     done
 
     if [ "${USE_VT}" = "1" ]; then
@@ -76,7 +76,7 @@ fi
 # Set PACKAGE_ARCH appropriately.
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-FILES_${PN} = "${sysconfdir}/inittab ${sysconfdir}/init.d/start_getty"
+FILES_${PN} = "${sysconfdir}/inittab ${base_bindir}/start_getty"
 CONFFILES_${PN} = "${sysconfdir}/inittab"
 
 USE_VT ?= "1"
-- 
2.1.4



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] sysvinit-inittab: Move start_getty scrip to base_bindir.
  2016-02-20 17:55 [PATCH] sysvinit-inittab: Move start_getty scrip to base_bindir Philip Tricca
@ 2016-02-28  2:33 ` Philip Tricca
  0 siblings, 0 replies; 2+ messages in thread
From: Philip Tricca @ 2016-02-28  2:33 UTC (permalink / raw)
  To: Saul Wold; +Cc: openembedded-core

Ping. Any thoughts on this Saul?

Thanks,
Philip

On 02/20/2016 09:55 AM, Philip Tricca wrote:
> When this file is in ${sysconfdir}/init.d, SELinux labels it as a generic
> init script (initrc_t). This causes problms at runtime because SELinux
> doesn't let the login process execute generic init script. Moving this
> helper script to base_bindir results in it being labeled as a generic
> binary (bin_t). Nearly every SELinux domain is allowed to execute
> generic binaries and the login process is one of them.
> 
> Signed-off-by: Philip Tricca <flihp@twobit.us>
> ---
>  meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
> index f539da8..c5b8cdc 100644
> --- a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
> +++ b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
> @@ -17,9 +17,9 @@ do_compile() {
>  
>  do_install() {
>      install -d ${D}${sysconfdir}
> -    install -d ${D}${sysconfdir}/init.d
>      install -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
> -    install -m 0755 ${WORKDIR}/start_getty ${D}${sysconfdir}/init.d/start_getty
> +    install -d ${D}${base_bindir}
> +    install -m 0755 ${WORKDIR}/start_getty ${D}${base_bindir}/start_getty
>  
>      set -x
>      tmp="${SERIAL_CONSOLES}"
> @@ -27,7 +27,7 @@ do_install() {
>      do
>  	j=`echo ${i} | sed s/\;/\ /g`
>  	label=`echo ${i} | sed -e 's/tty//' -e 's/^.*;//' -e 's/;.*//'`
> -	echo "$label:12345:respawn:${sysconfdir}/init.d/start_getty ${j}" >> ${D}${sysconfdir}/inittab
> +	echo "$label:12345:respawn:${base_bindir}/start_getty ${j}" >> ${D}${sysconfdir}/inittab
>      done
>  
>      if [ "${USE_VT}" = "1" ]; then
> @@ -76,7 +76,7 @@ fi
>  # Set PACKAGE_ARCH appropriately.
>  PACKAGE_ARCH = "${MACHINE_ARCH}"
>  
> -FILES_${PN} = "${sysconfdir}/inittab ${sysconfdir}/init.d/start_getty"
> +FILES_${PN} = "${sysconfdir}/inittab ${base_bindir}/start_getty"
>  CONFFILES_${PN} = "${sysconfdir}/inittab"
>  
>  USE_VT ?= "1"
> 



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-02-28  2:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-20 17:55 [PATCH] sysvinit-inittab: Move start_getty scrip to base_bindir Philip Tricca
2016-02-28  2:33 ` Philip Tricca

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox