sysvinit 2.88 contains some changes in internal logic to prevent it from loading selinux policy during startup, effectively disabling selinux. This prevents us from being able to deploy selinux on gentoo systems using sysvinit 2.88 (although 2.87-r3 works fine).
Whoops, typo, and I don't see any way to edit. The above should read: "sysvinit 2.88 contains some changes in internal logic WHICH prevent it from loading selinux policy during startup, effectively disabling selinux. This prevents us from being able to deploy selinux on gentoo systems using sysvinit 2.88 (although 2.87-r3 works fine)."
Created attachment 237333 [details] emerge --info
Created attachment 237335 [details] selinux patch for sysvinit 2.88 This bug is similar to a bug filed on Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580272 However, the Debian proposed patch does not work on Gentoo (probably because I'm running naked sysvinit, rather than using initrd). I do NOT know if this has been submitted as a patch to upstream or not.
The patch is good.
you're free to commit selinux patches to this package since we have no idea how these things work or how to test them upstream repo doesnt have any changed code, and no one has reported a bug to them: https://savannah.nongnu.org/bugs/?group=sysvinit the debian report indicates their patch should work fine with a kernel lacking an initrd ...
The Debian report also indicates that it has not been tested without an initrd. Be that as it may, when I applied the full Debian patch, my system puked out its guts all over my brand new carpet, and I spent some time cleaning up the mess. What I provided in this patch was what I had to have to get my system to boot. It could very well be something unique to the configuration of my system, though. It would be nice if we could have some testing from others. Should I submit a patch to upstream, then? I'm unsure of the protocol here, being rather new to how Gentoo does these sorts of things.
it depends on the package. since you have something to actually test out, you could answer questions upstream might have. http://savannah.nongnu.org/bugs/?func=additem&group=sysvinit
Filed with upstream, http://savannah.nongnu.org/bugs/index.php?30396, however note that we may still have to implement this patch ourselves, at least temporarily, depending on when we intend to implement sysvinit-2.88, otherwise SELinux will be broken.
See https://savannah.nongnu.org/bugs/download.php?file_id=20930
After some back and forth with upstream, I can only conclude I am suffering from some sort of brain-damage or something. After applying the patch for sysvinit from post #9, udev puked on me. This happened to me on two different occasions. However, applying the patch now, everything works fine. I'm closing this as fixed upstream, unless someone feels it should be handled differently?
i thought the current sysvinit-2.88 package needed a patch to work. is that not the case ?
It is the case that 2.88 requires a patch to work correctly. That patch is in the SVN tree upstream.
so post the commit URL or attach a patch to this bug so we can add it to 2.88-r1
Created attachment 239317 [details] sysvinit patch for selinux
guessing you want this: http://svn.savannah.nongnu.org/viewvc?view=rev&root=sysvinit&revision=90 so ive added that to 2.88-r1
