On Friday 18 September 2009 09:54:12 am Daniel J Walsh wrote: > >> If the kernel has SELinux and it is not in permissive mode, it should > >> execute load_policy > > Yes in permissive mode load_policy will return 2 if it can not load policy. > I guess dracut should also look in /etc/selinux/config to see if the > SELINUX environment variable is not set to enforcing. What about interaction with the kernel command line? What the kernel was given is listed in /proc/cmdline. iow, if I boot with selinux=0 and the config says enabled, shouldn't the kernel command line take priority? > > You mean if the machine is in permissive mode, it should load_policy, but > > not crash. But it should log the reason so it can be debugged. > > > >> Load_policy will exit with 0 on success or 2 on failure and SELinux in > >> permissive mode. > > > > And if chroot fails, we need to handle it. > > This will probably crash anyways In the code I looked at, only if it returned 3... -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
