[systemd-devel] Expected behavior when systemd cannot load SELinux policy

Lennart Poettering lennart at poettering.net
Fri Nov 7 08:09:14 PST 2014


On Fri, 07.11.14 11:30, Jan Synáček (jsynacek at redhat.com) wrote:

> Hello,
> 
> currently, when SELINUX=enforcing and SELINUXTYPE=<invalid value> are
> set in /etc/selinux/config, systemd refuses to boot with
> "Failed to load SELinux policy. Freezing."
> 
> Is this really what should happen? If SELINUX is set to permissive or
> disabled, though, systemd happily continues booting. I think that that's
> what should happen when SELINUX is set to enforcing as well. Plus a big
> warning in the log, or maybe even on the console, of course.
> 
> What do you think?

Well, if we are in enforcing mode then this means that everything that
is not OK needs to fail, and this includes the policy being corrupted
or missing really.

Enforcing mode is really this "super secure" mode where we'd rather
hang the machine than possibly allow things to go through that might
not be let through if the policy would be in order...

Lennart

-- 
Lennart Poettering, Red Hat
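
A pre-reboot check for the failure mode discussed in this thread, as an added example that is not part of the original message or of systemd. The function names, the return codes and the binary policy location /etc/selinux/<SELINUXTYPE>/policy/policy.<version> are assumptions of this sketch; it only tests that a non-empty policy file exists, not that it is valid.

```shell
#!/bin/sh
# Added example (not systemd code). check_selinux_boot [ROOT] returns:
#   0 = policy file present, or SELINUX=disabled
#   1 = no policy, non-enforcing mode (boot continues, per the thread)
#   2 = no policy, enforcing mode ("Failed to load SELinux policy. Freezing.")
#   3 = config file unreadable

# Print the value of KEY ($2) from config file ($1); comment lines are
# skipped and the last assignment wins.
selinux_cfg_get() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

check_selinux_boot() {
    root=${1:-}                      # optional alternate root, e.g. a mounted image
    cfg="$root/etc/selinux/config"
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 3; }

    # Mode is compared in lower case here (assumption of this sketch).
    mode=$(selinux_cfg_get "$cfg" SELINUX | tr 'A-Z' 'a-z')
    type=$(selinux_cfg_get "$cfg" SELINUXTYPE)

    if [ "$mode" = "disabled" ]; then
        echo "SELINUX=disabled: no policy needed"
        return 0
    fi

    # Assumed layout: $root/etc/selinux/<type>/policy/policy.<version>
    found=no
    if [ -n "$type" ]; then
        for f in "$root/etc/selinux/$type/policy/policy."*; do
            if [ -s "$f" ]; then found=yes; break; fi
        done
    fi

    if [ "$found" = yes ]; then
        echo "SELINUX=$mode SELINUXTYPE=$type: policy file present"
        return 0
    fi
    if [ "$mode" = "enforcing" ]; then
        echo "SELINUX=enforcing, no policy for SELINUXTYPE='$type': boot would freeze"
        return 2
    fi
    echo "SELINUX=$mode, no policy for SELINUXTYPE='$type': boot continues without policy"
    return 1
}
```

Calling `check_selinux_boot` with no argument checks the running system's /etc/selinux/config; a return code of 2 is the case to fix before rebooting.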

