List: systemd-devel
Subject: [systemd-devel] [PATCH] core: let selinux_setup() load policy more than once
From: wwoods () redhat ! com (Will Woods)
Date: 2014-04-28 17:29:34
Message-ID: 1398706174.3576.31.camel () metroid ! usersys ! redhat ! com
On Fri, 2014-04-25 at 18:26 -0400, Will Woods wrote:
> Currently, systemd refuses to load SELinux policy more than once.
>
> Normal systems don't care, because they either:
> a) have initramfs without policy, then load policy after switch-root, or
> b) load policy in initramfs, and never switch-root out.
>
> But if you *do* switch-root more than once - which fedup does! - you're
> supposed to run selinux_init_load_policy() afterward to ensure that you set up
> selinuxfs and load the new SELinux policy correctly.

For reference, here's the thread from selinux at tycho.nsa.gov where this
was discussed:

http://marc.info/?l=selinux&m=139782596307221&w=2

The upshot is: yes, we're supposed to do selinux_init_load_policy()
after *every* switch-root.

-w