Don't directly execute bash for single-user mode, as that has SELinux issues. (#540216, #584443, #585053)

If upstart directly runs bash for single-user mode, there's no way for
SELinux to set the proper context (to distinguish it from other init scripts).
Inserting a helper binary in the way allows for this.

While we're changing this, we make it configurable so it's easily possible
for people to use sulogin if they so desire.

2 files changed, 21 insertions, 0 deletions

diff --git a/src/sushell b/src/sushell
new file mode 100755
index 00000000..7d969416
--- /dev/null
+++ b/src/sushell
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[ -z "$SUSHELL" ] && SUSHELL=/bin/bash
+
+exec $SUSHELL
diff --git a/src/sushell.8 b/src/sushell.8
new file mode 100644
index 00000000..9832a732
--- /dev/null
+++ b/src/sushell.8
@@ -0,0 +1,16 @@
+.TH SUSHELL 8 "Red Hat, Inc" \" -*- nroff -*-
+.SH NAME
+sushell \- execute the single-user shell
+.SH SYNOPSIS
+.B sushell
+.SH DESCRIPTION
+.B sushell
+executes the single-user shell. By default, this is
+\fI/bin/bash\fP
+This can be configured via the
+.B SUSHELL
+environment variable.
+.SH NOTES
+.B sushell
+is an implementation detail, required for proper SELinux
+usage. It is not intended to be run regularly.