Thanks for this, I think we're going somewhere. Booting into single-user and running load_policy -i I get this: Mount failed for selinuxfs on /selinux: Device or resource busy load_policy: Can't load policy: Device or resource busy I've seen this before when I was testing around, but didn't find much about this. I'll see that I install strace in order to provide a trace. libselinux is 2.0.79 On Wednesday 20 May 2009 22:21:01 Stephen Smalley wrote: > On Wed, 2009-05-20 at 10:09 -0400, Stephen Smalley wrote: > > On Wed, 2009-05-20 at 22:07 +0800, Dennis Wronka wrote: > > > Sorry I got to ask, but what do you actually mean by "initial policy > > > loading logic"? > > > > > > I haven't actually written any code that handles the policy. I took the > > > attached patch for SysVInit and applied it. From what I know this is > > > the commonly used patch for this, as it seems to be pretty identical > > > wherever I'm looking. > > > > That's what I wanted to see, thanks. > > > > Now, if you boot permissive in single-user mode (enforcing=0 single) and > > run "load_policy -i" (note the -i option), does that work? That calls > > the same function for initial policy loading as the patch for sysvinit. > > If it doesn't work (i.e. policy is still not loaded by it, as shown by > e.g. running id -Z), then try running strace load_policy -i 2>& out and > send the output file. > > Also, please identify your version of libselinux.
Attachment:
signature.asc
Description: This is a digitally signed message part.
