On Wed, 2009-05-20 at 10:09 -0400, Stephen Smalley wrote: > On Wed, 2009-05-20 at 22:07 +0800, Dennis Wronka wrote: > > Sorry I got to ask, but what do you actually mean by "initial policy loading > > logic"? > > > > I haven't actually written any code that handles the policy. I took the > > attached patch for SysVInit and applied it. From what I know this is the > > commonly used patch for this, as it seems to be pretty identical wherever I'm > > looking. > > That's what I wanted to see, thanks. > > Now, if you boot permissive in single-user mode (enforcing=0 single) and > run "load_policy -i" (note the -i option), does that work? That calls > the same function for initial policy loading as the patch for sysvinit. If it doesn't work (i.e. policy is still not loaded by it, as shown by e.g. running id -Z), then try running strace load_policy -i 2>& out and send the output file. Also, please identify your version of libselinux. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
