On Wed, 2009-05-20 at 09:21 +0200, Dennis Wronka wrote: > Hello folks, > > currently I am experiencing quite a strange problem during system-boot. > The problem is that the policy only gets loaded when I boot into enforcing-mode. Booting into permissive mode (doesn't matter if via kernel-parameter or config-file) does not load the policy at all. > > I am using Kernel 2.6.29.3 and Reference Policy 2.20081210. > Did anything change in the latest kernel or policy that triggers this? Is it possible to create a policy that cannot be loaded in permissive mode? > > Any help or suggestion would be great. What mechanism are you using to perform the initial policy load (Fedora originally patched /sbin/init then migrated to performing the load from the initrd; Ubuntu does the load from initrd but in a different manner; Debian still uses a patched init I believe)? Can you post the logic for your initial policy load, whether it is a patch to /sbin/init or an initrd script? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
