[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: selinux hasn't been running for over a week

From: Steve Grubb <sgrubb redhat com>
To: fedora-devel-list redhat com
Cc: Daniel J Walsh <dwalsh redhat com>
Subject: Re: selinux hasn't been running for over a week
Date: Fri, 18 Sep 2009 09:44:55 -0400

Hi,

Just a couple clarifications for anyone implementing this.

On Friday 18 September 2009 07:34:29 am Daniel J Walsh wrote:
> Bottom line is a bug in the dracut scripts.  The scripts should execute
>  load_policy and if for ANY reason load_policy fails and the machine is in
>  enforcing mode the machine needs to crash.  (It should also log the
>  error).
> 
> If the kernel has SELinux and it is not in permissive mode, it should
>  execute load_policy

You mean if the machine is in permissive mode, it should load_policy, but not 
crash. But it should log the reason so it can be debugged.

> Load_policy will exit with 0 on success or 2 on failure and SELinux in
>  permissive mode.

And if chroot fails, we need to handle it.

-Steve

Follow-Ups:
- Re: selinux hasn't been running for over a week
  - From: Daniel J Walsh

References:
- selinux hasn't been running for over a week
  - From: Steve Grubb
- Re: selinux hasn't been running for over a week
  - From: Yuan Yijun
- Re: selinux hasn't been running for over a week
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]