Bug#312871: initrd-tools: please provide support for udev _and_ selinux

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#312871: initrd-tools: please provide support for udev _and_ selinux
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Date: Fri, 10 Jun 2005 02:16:42 +0100
Message-id: <[🔎] E1DgY8Y-0005Xv-IK@lkcl.net>
Reply-to: Luke Kenneth Casson Leighton <lkcl@lkcl.net>, 312871@bugs.debian.org

Package: initrd-tools
Version: 0.1.77
Severity: wishlist


just like is done in FC2 and above's initrd, please could you consider
putting uclib'd udev into the initrd, and then making sure that the
programs in it are selinux-enabled / aware?

i had to make a pig's ear of debian/selinux when udev is installed
because of tmpfs extended attributes, because of mounting /dev,
because the recreation of the non-persistent entries in /dev end
up with the wrong selinux attributes, i had to run "restorecon" on
every single entry **AFTER** udev had run... it was awful.

such a mess, and the boot-time is adversely affected, too.

oh - and as for /.dev - CHRIST what an awful mess, and the selinux
maintainers on www.nsa.gov won't even LISTEN about supporting
correct restoration of file contexts in /.dev, so if you accidentally
end up losing the file contexts on anything in /.dev - YOU CAN'T BOOT
THE MACHINE.

[some types of filesystem corruption can result in extended
attributes being truncated.  if that happens to anything in
/.dev, you are xxxxxed for a boot.  at least with /dev being
managed by udev, the selinux file contexts on your device
inodes get recreated!]

i can't remember the details, but the half-way-house solution of debian
at the moment (where /dev is managed by and created by an initscript
/etc/init.d/udev) is a bolloxed up idea.

Fedora's solution - start udev from the initrd: correct.

Gentoo's solution - don't _have_ an initrd: correct.

Debian's solution - start up initially in a half-cocked
environment, move /dev out the way to /.dev and then start
udev later: total bollocks.

l.


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.11-1-686 #1 Fri May 20 07:34:54 UTC 2005 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages initrd-tools depends on:
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  cpio                          2.5-1.1    GNU cpio -- a program to manage ar
ii  cramfsprogs                   1.1-4      Tools for CramFs (Compressed ROM F
ii  dash                          0.4.21     The Debian Almquist Shell
ii  fileutils                     5.2.1-2    The GNU file management utilities 
ii  util-linux                    2.12-6     Miscellaneous system utilities

-- no debconf information

Reply to:

Prev by Date: Bug#312687: linux terminal doesn't reset colors on logout
Next by Date: Bug#229757: Download + CDS all OS and all under $15-$99 just
Previous by thread: Bug#312845: Sarge Crashed by Evolution (?)
Next by thread: Bug#229757: Download + CDS all OS and all under $15-$99 just
Index(es):
- Date
- Thread