[RFC] change policy loading to initramfs
Chuck Anderson
cra at WPI.EDU
Thu Jan 24 23:31:42 UTC 2008
On Thu, Jan 24, 2008 at 04:31:49PM -0500, Bill Nottingham wrote:
> --- mkinitrd-6.0.28/mkinitrd.foo 2008-01-23 17:09:26.000000000 -0500
> +++ mkinitrd-6.0.28/mkinitrd 2008-01-23 17:10:23.000000000 -0500
> @@ -1692,6 +1692,13 @@ if [ -n "$dhclient_leases_cmd" ]; then
> emit "$dhclient_leases_cmd"
> fi
>
> +SELINUX=
> +[ -f /etc/selinux/config ] && . /etc/selinux/config
> +if [ -n "$SELINUX" -a "$SELINUX" != "disabled" ]; then
> + emit "echo Loading SELinux policy."
> + emit "loadpolicy"
> +fi
> +
> emit "echo Switching to new root and running init."
> emit "switchroot"
> emit "echo Booting has failed."
Shouldn't you always add loadpolicy to the initrd? The SELinux config
might change between when the initrd was generated and when you boot
the system.
More information about the selinux
mailing list