selinux hasn't been running for over a week

Steve Grubb sgrubb at redhat.com
Fri Sep 18 14:01:05 UTC 2009


On Friday 18 September 2009 09:54:12 am Daniel J Walsh wrote:
> >> If the kernel has SELinux and it is not in permissive mode, it should
> >> execute load_policy
> 
> Yes, in permissive mode load_policy will return 2 if it cannot load policy.
> I guess dracut should also look in /etc/selinux/config to see if the
> SELINUX environment variable is not set to enforcing.

What about interaction with the kernel command line? What the kernel was given
is listed in /proc/cmdline. IOW, if I boot with selinux=0 and the config says
enabled, shouldn't the kernel command line take priority?


> > You mean if the machine is in permissive mode, it should load_policy, but
> > not crash. But it should log the reason so it can be debugged.
> >
> >> Load_policy will exit with 0 on success or 2 on failure and SELinux in
> >> permissive mode.
> > 
> > And if chroot fails, we need to handle it.
> 
> This will probably crash anyways

In the code I looked at, only if it returned 3...

-Steve 
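
The precedence question raised in this message, worked through as an added example that is not dracut or libselinux code: it assumes the kernel command line wins over `/etc/selinux/config` (`selinux=0` disables, `enforcing=0`/`enforcing=1` override the `SELINUX=` value) and maps `load_policy` exit codes to the actions discussed in the thread. The function names, the default for a missing `SELINUX=` line, and the fail-closed fallback are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not dracut or libselinux code). Inputs are passed as strings
# so the logic can be exercised offline; all sample values are constructed.

# selinux_mode CMDLINE CONFIG_TEXT -> disabled | permissive | enforcing
# CMDLINE is the text of /proc/cmdline, CONFIG_TEXT that of /etc/selinux/config.
# Runs in a subshell with globbing off so odd cmdline tokens are not expanded.
selinux_mode() (
    set -f
    cmdline=$1
    config=$2
    # Default comes from the SELINUX= line (SELINUXTYPE= does not match).
    mode=$(printf '%s\n' "$config" | sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' | tail -n 1)
    case $mode in
        enforcing|permissive|disabled) ;;
        *) mode=enforcing ;;  # assumption: missing or invalid value means enforcing
    esac
    # Kernel command line overrides the file; "disabled" is never re-enabled.
    for arg in $cmdline; do
        case $arg in
            selinux=0) mode=disabled ;;
            enforcing=0) [ "$mode" = disabled ] || mode=permissive ;;
            enforcing=1) [ "$mode" = disabled ] || mode=enforcing ;;
        esac
    done
    echo "$mode"
)

# policy_action MODE RC -> skip | continue | log-and-continue | halt
# RC is load_policy's exit status: per the thread, 0 is success, 2 is a
# failed load while permissive, and 3 is the value that stops the boot.
policy_action() {
    case "$1:$2" in
        disabled:*) echo skip ;;               # load_policy is not run at all
        *:0) echo continue ;;
        *:3) echo halt ;;
        permissive:*) echo log-and-continue ;; # log the reason, keep booting
        *) echo halt ;;                        # assumption: fail closed when enforcing
    esac
}

# Constructed sample: config says enforcing, but the kernel was booted with selinux=0.
selinux_mode "ro root=/dev/sda1 selinux=0" "SELINUX=enforcing"
```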



