On Saturday 20 September 2008 1:22:31 pm Arjan van de Ven wrote: > On Sat, 20 Sep 2008 13:13:38 -0400 > > Kyle McMartin <kyle@xxxxxxxxxx> wrote: > > > On further consideration, though, the biggest issue with kicking > > > out the initrd is getting the policy lodaed. > > /me wonders about the option of having selinux using > request_firmware() to get its policy I've started ignoring most of the firmware loading threads a while ago so I've kinda lost most of the plot there ... a few questions: * Is the firmware request asynchronous? * Is there currently a way, or at least nothing in the way that would prevent a mechanism from bring created, to pause the boot process until the policy/firmware is loaded? I ask because we would want to make sure that SELinux policy was loaded before any services are started. Regardless, we would still need to keep the current policy loading mechanism in place since we can't break userspace. You should post this idea on the SELinux list to get some further thought on this ... -- paul moore linux @ hp _______________________________________________ Fedora-kernel-list mailing list Fedora-kernel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-kernel-list
