tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

/sbin/reboot and secmodel

Hello all,

After playing a little bit with secmodel, I've tried to authorized a user with a specific uid to reboot the system.
It didn't work as I expected and the secmodel callback isn't called at all.
After looking the code of reboot and talking about this with elad@, I see that two things just allow the root user to call /sbin/reboot :

  128          if (geteuid())
  129                  errx(1, "%s", strerror(EPERM));


  188          if (kill(1, SIGTSTP) == -1)
  189                  err(1, "SIGTSTP init");

I think that the check of the uid can be removed since we trust the secmodel. But for the signal SIGTSTP send to the init, I don't know, and honestly I don't know what init does catching this signal :)


Home | Main Index | Thread Index | Old Index