[fedora-arm] SELinux on F11 on ARM (in QEMU)?
Steve Grubb
sgrubb at redhat.com
Wed Oct 21 19:38:09 UTC 2009
On Wednesday 21 October 2009 02:32:04 pm Per Nystrom wrote:
> These are the only messages I see from dmesg:
>
> [root at fedora-arm ~]# dmesg | grep -i selinux
> SELinux: Initializing.
> SELinux: Starting in permissive mode
OK, did some checking. SE Linux policy is loaded in the initrd in F-11. The
reason why is because if its done from /etc/rc.sysinit, then init has the
wrong context and that leads to lots of problems. So, you would need to boot
via initrd to have selinux working. The initrd only needs to call load_policy
and nothing else.
Another approach used back in F-9/10 was to patch init itself to load policy.
That patch could probably be pulled from cvs.
-Steve
More information about the arm
mailing list