[systemd-devel] [PATCH] selinux: Only attempt to load policy exactly once, in the real root
Colin Walters
walters at verbum.org
Thu Feb 20 13:21:34 PST 2014
On Thu, Feb 20, 2014 at 4:10 PM, Eric Paris <eparis at parisplace.org>
wrote:
> I think the idea was
>
> if we are not in the initrd - try to load policy
> if we are in the initrd and we find selinux_path() - try to load
> policy
>
> Thus embedded/thin who put everything inside the initrd will work (and
> the kernel enforce=1 will mean what it should)
> And where we don't put anything inside the initrd will still be
> correct since we'll try to load no matter what in the real root
>
I guess then as long as we don't attempt to load policy again if we
already have done so in the initrd - and yes, systemd already has logic
of this form inside selinux_setup().
I'm testing this suggested patch now.