Re: policy on start-stop-daemon
On Thu, Feb 14, 2002 at 04:43:24PM +1100, Russell Coker wrote:
> In which case using a command line parameter of "--started-from-cron" which
> would be silently ignored by the default start-stop-daemon and which would be
> taken to mean "don't change security context" by the SE version would still
> allow you to achieve that aim.
Well, why not use an environment variable then, which you can pass from
cron all the way down to your modified start-stop-daemon yourself? Have
cron export SELINUX_NOTERMINAL=yes and check for that before trying to
prompt, eg.
In an ideal world, what exactly would you want to have happen here? Should
cron never *ever* attempt to restart a daemon when rotating its logs? If
it should restart daemons, where do the extra capabilities come from --
cron itself, the cron.daily/* shell fragments, the init.d script or
somewhere else? Is it possible to make some shell scripts be "setuid"
in terms of the particular capabilities required to restart their daemon?
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
We came. We Saw. We Conferenced. http://linux.conf.au/
``Debian: giving you the power to shoot yourself in each
toe individually.'' -- with kudos to Greg Lehey
Reply to: