Stephen Smalley wrote:
> On Wed, 2008-01-23 at 17:29 -0500, Bill Nottingham wrote:
>> We're looking to move to a different init system in Fedora - the
>> current work is going to be around upstart, most likely. upstart
>> does not have native code for loading the SELinux policy.
>>
>> We could modify every possible init to load the policy... but
>> that would be painful. So we might as well move to having the
>> policy loaded from the initramfs. The attached patches are the
>> first quick cut at doing that.
>>
>> The main patch is for mkinitrd/nash; there's a short patch for the
>> current init, as it will abort if policy is already loaded. We
>> can't actually remove the code from init to load the policy, as
>> there will always be older initramfses.
>>
>> Comments? Ideas for different ways to do this? It's sort of ugly
>> with fork and chroot(), but to avoid that we'd have to reimplement
>> most, if not all, of libselinux's policy loading code directly.
>
> Hmm...Chad Sellers was working on similar support for Ubuntu, but did it
> by adding a -i option to the load_policy program to perform an initial
> policy load so that you can just execute it from a script rather than
> requiring a direct patch to nash or anything else. cc'ing him. The
> load_policy -i support is upstream and should be in Fedora devel /
> rawhide too.
>
>> Bill
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

load_policy -i is available in rawhide