sysvinit-inittab: Move start_getty scrip to base_bindir.

When this file is in ${sysconfdir}/init.d, SELinux labels it as a generic
init script (initrc_t). This causes problms at runtime because SELinux
doesn't let the login process execute generic init script. Moving this
helper script to base_bindir results in it being labeled as a generic
binary (bin_t). Nearly every SELinux domain is allowed to execute
generic binaries and the login process is one of them.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Ross Burton <ross.burton@intel.com>

diff --git a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
index f539da8ddac0e9e8908581827eb2c3835b1364f6..c5b8cdca95a783d100bf601a1a39cf62b1f5cd54 100644 (file)
--- a/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
+++ b/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb
@@ -17,9 +17,9 @@ do_compile() {
 
 do_install() {
     install -d ${D}${sysconfdir}
-    install -d ${D}${sysconfdir}/init.d
     install -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
-    install -m 0755 ${WORKDIR}/start_getty ${D}${sysconfdir}/init.d/start_getty
+    install -d ${D}${base_bindir}
+    install -m 0755 ${WORKDIR}/start_getty ${D}${base_bindir}/start_getty
 
     set -x
     tmp="${SERIAL_CONSOLES}"
@@ -27,7 +27,7 @@ do_install() {
     do
        j=`echo ${i} | sed s/\;/\ /g`
        label=`echo ${i} | sed -e 's/tty//' -e 's/^.*;//' -e 's/;.*//'`
-       echo "$label:12345:respawn:${sysconfdir}/init.d/start_getty ${j}" >> ${D}${sysconfdir}/inittab
+       echo "$label:12345:respawn:${base_bindir}/start_getty ${j}" >> ${D}${sysconfdir}/inittab
     done
 
     if [ "${USE_VT}" = "1" ]; then
@@ -76,7 +76,7 @@ fi
 # Set PACKAGE_ARCH appropriately.
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-FILES_${PN} = "${sysconfdir}/inittab ${sysconfdir}/init.d/start_getty"
+FILES_${PN} = "${sysconfdir}/inittab ${base_bindir}/start_getty"
 CONFFILES_${PN} = "${sysconfdir}/inittab"
 
 USE_VT ?= "1"