On Thu, Feb 20, 2014 at 4:10 PM, Eric Paris <eparis@xxxxxxxxxxxxxx> wrote:
I think the idea was if we are not in the initrd - try to load policy if we are in the initrd and we find selinux_path() - try to load policy Thus embeded/thin who put everything inside the initrd will work (and the kernel enforce=1 will mean what is should) And where we don't put anything inside the initrd will still be correct since we'll try to load no matter what in the real root
I guess then as long as we don't attempt to load policy again if we already have done so in the initrd - and yes, systemd already has logic of this form inside selinux_setup().
I'm testing this suggested patch now.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
