[systemd-devel] [PATCH] selinux: Only attempt to load policy exactly once, in the real root
walters at verbum.org
Thu Feb 20 12:52:08 PST 2014
On Thu, Feb 20, 2014 at 2:45 PM, Daniel J Walsh <dwalsh at redhat.com>
> You mean
> "!in_initrd() || access(selinux_path(), F_OK) >= 0"?
I don't think so - that would mean we would silently continue if
enforcing=1, but we happen to not find a policy on disk. Right?
I think my patch is better than this - systemd will attempt to load
policy from *only* the real root (not the initramfs), using the exact
same logic as is in libselinux currently.
For example, it would allow explicitly specifying enforcing=1 on the
kernel command line, and that would continue to cause an explicit
failure if policy is not found.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the systemd-devel