On 05/25/2018 04:08 AM, bhawna goel wrote:
> Hi Team,
>
> We are facing an issue with the load_policy command on CentOS 7.4. We need to understand what exactly it does.
>
> We have a CentOS 7.4 machine which has two partitions.
> The 1st partition (partA) has all the policies with unconfined, and when we are installing the second partition (partB) we are adding all the policies for sysadm.
> During installation of partB the command below is executed from partA:
> chroot partB load_policy -qi
>
> Just after executing this command, partA stops working with unconfined policies. partA gives denials for what was working before executing this command.
>
> Just to recover my system I executed load_policy -q in partA and it gets back to normal.
>
> I wanted to understand what exactly load_policy does. Why did my partA stop working when load_policy was executed in partB? Is this expected behavior or is there some issue?
>
> Thanks in advance.

I thought I answered this yesterday, but let's try again:

load_policy always loads the active policy as defined by /etc/selinux/config relative to its root. So if you perform a chroot /path/to/partB load_policy it will load the policy from /path/to/partB/etc/selinux into the kernel. And then your partA will stop working. There is only one kernel policy; it isn't relative to any particular root. Don't load policy from partB unless you are actually booting from partB.
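A guard that an installer running on partA could call instead of `chroot partB load_policy`, given here as an added example that is not part of the original thread. It resolves which policy directory a root's /etc/selinux/config selects and refuses to load unless that root is the running system's `/`; the function names and the constructed partB tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): function names are hypothetical.

# Print the SELINUXTYPE set in ROOT/etc/selinux/config (last assignment wins).
selinux_type() {
    cfg="${1%/}/etc/selinux/config"
    [ -r "$cfg" ] || return 1
    t=$(sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$cfg" | tail -n 1)
    [ -n "$t" ] && printf '%s\n' "$t"
}

# Print the policy directory that load_policy would read when run with ROOT as its root.
policy_dir() {
    t=$(selinux_type "$1") || return 1
    printf '%s/etc/selinux/%s/policy\n' "${1%/}" "$t"
}

# True only when ROOT is the same directory as the running system's "/".
is_running_root() { [ "$1" -ef / ]; }

# Load policy only for the running root. The kernel holds a single policy,
# so loading another partition's policy replaces the one in force.
# Returns 0 after loading, 1 when refused, 2 when ROOT has no usable config.
guarded_load_policy() {
    root=$1
    dir=$(policy_dir "$root") || { echo "no SELINUXTYPE under $root" >&2; return 2; }
    if ! is_running_root "$root"; then
        echo "refusing: $dir is not the running system's policy" >&2
        return 1
    fi
    load_policy -q
}

# Demo on a constructed tree standing in for the second partition.
demo=$(mktemp -d)
mkdir -p "$demo/partB/etc/selinux"
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo/partB/etc/selinux/config"
guarded_load_policy "$demo/partB" || echo "exit status $?"
rm -rf "$demo"
```
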