Re: Selinux load_policy command on inactive partition is loading policy on active partition

On 05/24/2018 01:48 AM, shagun maheshwari wrote:
> Hi,
> 
> We have made changes in our CentOS 7.4 to disable the unconfined user from our code. We have created an ISO in which we have replaced unconfined with sysadm, and we are performing an upgrade using the new ISO.
> After the upgrade, the current partition stops working. It started expecting policies for unconfined; when we perform a reboot, things start working fine again.
> We suspect some issue with the command "load_policy -qi" when it is executed on partB in permissive mode and we then move the system to enforcing mode. It starts giving denials for unconfined.
> 
> Can you explain what exactly load_policy does?
> Does it load the policies for all the partitions of the system?

load_policy always loads the active system policy as defined by /etc/selinux/config.  If you want it to load a policy from another partition you need to run it under chroot or a filesystem namespace such that it uses /etc/selinux from the other partition.  It only loads one policy though, not multiple.
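
The reply's point is that the policy is resolved from /etc/selinux/config relative to whatever root load_policy sees, so each partition root can be inspected to see which policy store it selects and whether the two differ. The script below is an added example, not part of the original thread; the `active`/`inactive` trees and their contents are constructed, the function names are hypothetical, and it assumes the usual `/etc/selinux/<SELINUXTYPE>/policy/policy.N` layout.

```shell
#!/bin/sh
# Added example; sample trees and contents are constructed, names hypothetical.
# Print KEY's value from ROOT/etc/selinux/config; the last assignment wins.
selinux_cfg() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" \
        "${1%/}/etc/selinux/config" 2>/dev/null | tail -n 1
}

# Print the policy store directory that ROOT's own config selects.
policy_dir() {
    ptype=$(selinux_cfg "$1" SELINUXTYPE)
    [ -n "$ptype" ] || { echo "no SELINUXTYPE under $1" >&2; return 1; }
    echo "${1%/}/etc/selinux/$ptype/policy"
}

# List the binary policy files (policy.N) in that store, lowest N first.
policy_files() {
    pdir=$(policy_dir "$1") || return 1
    ls "$pdir" 2>/dev/null | grep -E '^policy\.[0-9]+$' | sort -t. -k2 -n
}

# Succeed only if every policy.N under ROOT_B is byte-identical to ROOT_A's.
same_policy() {
    da=$(policy_dir "$1") && db=$(policy_dir "$2") || return 2
    for f in $(policy_files "$2"); do
        cmp -s "$da/$f" "$db/$f" || return 1
    done
}

# Build two constructed roots standing in for the active and inactive partitions.
make_sample_roots() {
    tmp=$(mktemp -d) || return 1
    for p in active inactive; do
        mkdir -p "$tmp/$p/etc/selinux/targeted/policy"
        printf '# SELINUXTYPE= comment\nSELINUXTYPE=targeted # sample\n' \
            > "$tmp/$p/etc/selinux/config"
        printf 'constructed policy for %s\n' "$p" \
            > "$tmp/$p/etc/selinux/targeted/policy/policy.31"
    done
    echo 'SELINUX=permissive' >> "$tmp/inactive/etc/selinux/config"
    : > "$tmp/inactive/etc/selinux/targeted/policy/policy.30"
    echo "$tmp"
}

roots=$(make_sample_roots)
for r in "$roots/active" "$roots/inactive"; do
    echo "$r -> $(policy_dir "$r"): $(policy_files "$r" | tr '\n' ' ')"
done
same_policy "$roots/active" "$roots/inactive" || echo "policies differ between roots"
rm -rf "$roots"
```

On a real system the two arguments would be `/` and the mount point of the inactive partition.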
