On 05/27/2013 07:40 PM, Harald Hoyer wrote:
> On 05/22/2013 12:14 PM, Dave Young wrote:
>> On 05/22/2013 06:13 PM, Dave Young wrote:
>>> Hi, Harald
>>>
>>> I have a question about selinux module.
>>>
>>> In dracut.spec there's below code:
>>>
>>> %if %{defined _unitdir}
>>> # with systemd IMA and selinux modules do not make sense
>>> rm -fr $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/96securityfs
>>> rm -fr $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/97masterkey
>>> rm -fr $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/98integrity
>>> rm -fr $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/98selinux
>>> %endif
>>>
>>> I'm confused why they are excluded for systemd?
>>>
>>> And how can we load selinux policy in initramfs without 98selinux now?
>
> Do you have to load the selinux policy in the initramfs?
> systemd does it after switching to the real root.
>
After crashing happens, under kdump kernel we need copy vmcore to
filesystem with right selinux attributes. But we are also discussing if
it's better to relabel them after machine restart..
--
Thanks
Dave
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
