:: Re: [DNG] running with separate / a…
Inizio della pagina
Delete this message
Reply to this message
Autore: Ken Dibble
Data:  
To: dng
Oggetto: Re: [DNG] running with separate / and /usr
On 1/11/23 10:43, Rainer Weikusat via Dng wrote:
> karl@??? writes:
>> Rainer Weikusat:
>> ...
>>> I'm willing to put work into this although this would only proceed
>>> slowly as this would amount to just a few hours each Sunday.
>> If you want to spend time on this we could assemle a small group
>> handling this in devuan.
>>
>> The easiest solution to this is using a kernel with needed drivers
>> compiled in. My suggestion is to add:
>>
>> CONFIG_SATA_AHCI=y
>> CONFIG_MD_RAID1=y
>> CONFIG_EXT4_FS=y
>>
>> and using busybox init and mount.
> I'm running a kernel with all critical drivers compiled in. It also
> doesn't have SELinux support because that's not good for anything I
> would want to do with this system. Yet, the system cannot boot without a
> working libselinux because someone saw it fit to turn that into a
> mandatory part of the system. In my opinion, a system where libselinux
> cannot ever be used for anything shouldn't fail to boot because it can't
> be loaded. My workaround is good enough for me. I'd be willing to put
> work into a more general solutions if this was of interest to other
> people than me.
>
> For religious reasons, I refuse to use busybox for anything. I spent
> some years working with and fixing this code for an embedded system at
> the time when these were still fairly small. The corresponding product
> (not project) is long dead, hence, I'm rid of the associated
> problems. Unless I'm forced to, I'll never again touch this code(base).
> _______________________________________________


1) I stipulate that I am probably the least experienced and least
knowledgeable on this list.

2) I am hoping that I can be educated.

3) I hope that someone will make the probable futile attempt at
educating me.


So here goes.


SELinux is needed for a whole lot of things.

Here is a subset.

apt-cache rdepends libselinux1:amd64
libselinux1
Reverse Depends:

passwd
dpkg
dbus

util-linux

logrotate
consolekit
sysvinit-core

openrc

cron

openssh-server

So unless I have completely missed the boat (always a possibility with me),

I am at a loss as to what type of system could function without these
things.

I would imagine some type of industrial embedded system, having no interface

and only an off/on button, but that is just a WAG.

It follows then, that if all of these things are necessary for the vast
majority of users,

that selinux being in the kernel would make sense and save the huge
majority of

users/administrators a lot of grief.


Sitting quietly in the dark, looking to be enlightened.


Ken