Quoting Stephen Smalley (sds@xxxxxxxxxxxxx): > > On Tue, 2008-07-08 at 11:10 +0200, Jan Kasprzak wrote: > > Hello, > > > > how do I enable SELinux on a custom kernel? I have looked into > > the system initrd, and it seems the policy is loaded by the "loadpolicy" > > command in nash. Is it possible to use SELinux with Fedora without > > having to use initrd? > > Prior to Fedora 9, Fedora used a patched /sbin/init program to perform > the initial policy load (it would load policy and then re-exec itself in > order to enter the correct domain). Fedora 9 switched over to loading > policy from the initrd. > > Your options would seem to be: > - use an initrd (easiest), > - re-patch your /sbin/init program, > - try to do it from inittab or rc.sysinit (but the problem there is that > it doesn't get /sbin/init itself into the right domain). Aaaah. I was wondering why my new f9-based kvm image wasn't enabling selinux when I started it with "-kernel bzImage". That's going to be a bit of a pain, as I assume I'll have to import the kernel tree into the f9 image in order to create an initrd. -serge -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
