On 09/18/2009 09:44 AM, Steve Grubb wrote: > Hi, > > Just a couple clarifications for anyone implementing this. > > On Friday 18 September 2009 07:34:29 am Daniel J Walsh wrote: >> Bottom line is a bug in the dracut scripts. The scripts should execute >> load_policy and if for ANY reason load_policy fails and the machine is in >> enforcing mode the machine needs to crash. (It should also log the >> error). >> >> If the kernel has SELinux and it is not in permissive mode, it should >> execute load_policy > Yes in permissive mode load_policy will return 2 if it can not load policy. I guess dracut should also look in /etc/selinux/config to see if the SELINUX environment variable is not set to enforcing. > You mean if the machine is in permissive mode, it should load_policy, but not > crash. But it should log the reason so it can be debugged. > >> Load_policy will exit with 0 on success or 2 on failure and SELinux in >> permissive mode. > > And if chroot fails, we need to handle it. > This will probably crash anyways. > -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
