Selinux always disabled at boot from encrypted root fs

My system is up and running with an encrypted root partition and
behaving exactly as it did pre-encryption except that SELinux always
comes up disabled at boot. Even passing the 'selinux=1' kernel parameter
is ineffective. Once booted, SELinux can be started with
'load_policy -i', after which it seems to behave normally, so it appears
to be configured correctly, as it was before the root fs was encrypted.

System info:
intel core2duo cpu
Fedora 11
2.6.31-rc5-git5 from kernel.org
loop-AES-3.2g (compiled as module)
aespipe-v2.3e
util-linux-ng-2.15.1

build-initrd.sh configuration:
      * USEPIVOT=2
      * BOOTDEV=/dev/sda1
      * BOOTTYPE=ext3
      * CRYPTROOT=/dev/sda2
      * ROOTTYPE=ext4
      * CIPHERTYPE=AES128
      * GPGKEYFILE=rootkey.gpg
      * SOURCEROOT=/
      * DESTINATIONROOT=/mnt/build
      * DESTINATIONPREFIX=boot
      * UTF8KEYBMODE=1
      * LOADNATIONALKEYB=1
      * USEGPGKEY=1

My reading seems to point to this being an initrd issue as opposed to a
loop-AES issue. However, in my experiments with dracut, TuxOnIce,
building initrds from scratch, etc., I have been unable to get anything
to work that is as small and efficient as the initrds produced by Jari's
build-initrd.sh script, hence my post here.

So my question is, must I live with this behavior or is it something
that has already been solved? If it has been solved, would someone be so
kind as to point me in the right direction; ideally at an
appropriately-modified build-initrd.sh, but suggestions as to what I
might try next would also be appreciated.

Thanks.

FG






-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

