> -----Original Message----- > From: fedora-arm-bounces@xxxxxxxxxx [mailto:fedora-arm- > bounces@xxxxxxxxxx] On Behalf Of Per Nystrom > Sent: 22 October 2009 02:14 > To: Steve Grubb > Cc: fedora-arm@xxxxxxxxxx > Subject: Re: SELinux on F11 on ARM (in QEMU)? > > > On Wed, 2009-10-21 at 15:38 -0400, Steve Grubb wrote: > > On Wednesday 21 October 2009 02:32:04 pm Per Nystrom wrote: > > > These are the only messages I see from dmesg: > > > > > > [root@fedora-arm ~]# dmesg | grep -i selinux > > > SELinux: Initializing. > > > SELinux: Starting in permissive mode > > > > OK, did some checking. SE Linux policy is loaded in the > initrd in F-11. The > > reason why is because if its done from /etc/rc.sysinit, then > init has the > > wrong context and that leads to lots of problems. So, you > would need to boot > > via initrd to have selinux working. The initrd only needs to > call load_policy > > and nothing else. > > > > Another approach used back in F-9/10 was to patch init itself > to load policy. > > That patch could probably be pulled from cvs. > > Which approach is likely to be supported in the ARM > distribution going > forward? I'd rather keep things simple and not use an initrd, > but I'd > like to know if that patch is going to make it into F11 ARM and > later > releases. If possible, could you please go ahead and see how the patch works for you? To begin with let us at least keep the patch around/accessible. If it works for you, I'll spin a pre-built fc11/fc12 rpm with that patch for users to pick up. As a policy we do not want to diverge from upstream Fedora packages. But we could make that call based on how many users pick this approach. > > Thanks, > Per Kedar. > > _______________________________________________ > fedora-arm mailing list > fedora-arm@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-arm _______________________________________________ fedora-arm mailing list fedora-arm@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-arm
