[systemd-devel] [PATCH] selinux: Only attempt to load policy exactly once, in the real root

Colin Walters walters at verbum.org
Thu Feb 20 12:52:08 PST 2014


On Thu, Feb 20, 2014 at 2:45 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> You mean
>
> "!in_initrd() || access(selinux_path(), F_OK) >= 0"?

I don't think so - that would mean we would silently continue if 
enforcing=1, but we happen to not find a policy on disk.  Right?

I think my patch is better than this - systemd will attempt to load 
policy from *only* the real root (not the initramfs), using the exact 
same logic as is in libselinux currently.

For example, it would allow explicitly specifying enforcing=1 on the 
kernel command line, and that would continue to cause an explicit 
failure if policy is not found.
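An added illustrative model of the behaviour described in the reply above. It is not the systemd patch under discussion and not libselinux code: whether we are in the initramfs and whether a policy is present are passed in as plain booleans (the real in_initrd() and policy lookup are assumed, not implemented), and the enforcing= parsing follows the usual kernel command-line convention of whole space-separated tokens with the last occurrence winning (an assumption of this model). What it shows is the rule as stated: no attempt from the initramfs, one attempt in the real root, and an explicit enforcing=1 turning "policy not found" into a hard failure instead of a silent continue.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Possible results of the single policy-load decision (model, not systemd's API). */
enum policy_outcome {
    POLICY_SKIPPED,           /* in the initramfs: do nothing, the real root will try */
    POLICY_LOADED,            /* policy present in the real root: load it */
    POLICY_MISSING_CONTINUE,  /* no policy, enforcing not forced on: keep booting */
    POLICY_MISSING_FAIL       /* no policy but enforcing=1 was requested: hard failure */
};

/* A kernel parameter ends at whitespace (/proc/cmdline carries a trailing '\n'). */
static bool is_sep(char c) {
    return c == '\0' || isspace((unsigned char) c);
}

/* Returns 1 for "enforcing=1", 0 for "enforcing=0", -1 if no such token is present.
 * Only a whole token counts: "selinux_enforcing=1" or "xenforcing=1" must not match,
 * so the token has to start at the beginning of the string or right after whitespace.
 * The last valid occurrence wins (assumption: standard kernel-parameter behaviour). */
int cmdline_enforcing(const char *cmdline) {
    int result = -1;
    const char *p = cmdline;

    while ((p = strstr(p, "enforcing=")) != NULL) {
        bool at_token_start = (p == cmdline) || isspace((unsigned char) p[-1]);
        const char *val = p + strlen("enforcing=");

        if (at_token_start && (val[0] == '0' || val[0] == '1') && is_sep(val[1]))
            result = val[0] - '0';
        p = val;  /* continue scanning after this candidate */
    }
    return result;
}

/* The rule from the reply: attempt loading exactly once, only in the real root;
 * an explicit enforcing=1 on the command line makes a missing policy fatal. */
enum policy_outcome decide_policy_load(bool in_initrd, bool policy_present, const char *cmdline) {
    if (in_initrd)
        return POLICY_SKIPPED;
    if (policy_present)
        return POLICY_LOADED;
    if (cmdline_enforcing(cmdline) == 1)
        return POLICY_MISSING_FAIL;
    return POLICY_MISSING_CONTINUE;
}

int main(void) {
    /* constructed sample command line, as /proc/cmdline would deliver it */
    const char *cmdline = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 enforcing=1\n";
    const char *names[] = { "skipped", "loaded", "missing, continuing", "missing, FAILING" };

    printf("initrd, no policy:    %s\n", names[decide_policy_load(true, false, cmdline)]);
    printf("real root, no policy: %s\n", names[decide_policy_load(false, false, cmdline)]);
    printf("real root, policy:    %s\n", names[decide_policy_load(false, true, cmdline)]);
    return 0;
}
```

The token-boundary check is the part worth keeping in mind: a naive strstr() for "enforcing=" would also accept a differently named parameter that happens to end in that string, which is exactly how a boot-time security switch ends up being honoured or ignored by accident.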


