On Wed, Dec 12, 2012 at 1:25 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> Configure None as the presented LSM and all legacy userspace
> will fail. Trouble for all.

I think the question is when and how it fails. I'd like SELinux to fail really early and in some clean way if it is non-present and you don't have new userspace. I'd rather it fail on policy load than on some later /proc/*/attr/ issue. I can do it myself even if you don't want to do it as part of the stacking work. My current thought is a required ioctl before policy load if non-present otherwise reject policy load instead of the entirely new policy load file.

-Eric