Re: [RFC] change policy loading to initramfs
- From: Bill Nottingham <notting redhat com>
- To: Peter Jones <pjones redhat com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: [RFC] change policy loading to initramfs
- Date: Thu, 24 Jan 2008 11:48:12 -0500
Peter Jones (pjones redhat com) said:
> int loadPolicyCommand(char *cmd, char *end)
> {
>     int enforce = 0;
>     int rootfd;
>
>     rootfd = open("/", O_DIRECTORY|O_RDONLY);
>     if (rootfd < 0) {
>         eprintf("loadpolicy: could not open directory: %m\n");
>         exit(1);
>     }
>     if (chroot("/sysroot") != 0) {
>         eprintf("loadpolicy: chroot failed: %m\n");
>         exit(1);
>     }
>     if (selinux_init_policy(&enforce) != 0) {
>         eprintf("Unable to load SELinux policy (%m). Halting now.\n");
>         exit(1);
>     }
selinux_init_load_policy is what handles enforcing=0/selinux=0 on the
commandline - you only want to halt if you get back that it failed
and you're in enforcing mode. (Similarly, not sure if chdir/chroot
should be fatal errors.)
Bill
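
The halt condition described in the reply above, as an added example that is not code from this thread or from the project it discusses. It assumes the loader has the shape of libselinux's `selinux_init_load_policy(int *enforce)` (0 on success, -1 on failure, requested mode returned through `enforce`); `load_policy_or_halt`, `policy_loader`, `boot_action` and the stub loaders are hypothetical names, and the loader is passed as a function pointer so the decision can be exercised without libselinux.

```c
#include <stdio.h>

/* Same shape as libselinux's selinux_init_load_policy(int *enforce):
 * returns 0 on success, -1 on failure, and reports the requested mode
 * through *enforce. Taken as a pointer so the decision is testable. */
typedef int (*policy_loader)(int *enforce);

enum boot_action { BOOT_CONTINUE = 0, BOOT_HALT = 1 };

/* Hypothetical helper: halt only when the load failed AND enforcing mode
 * was requested; a failed load while not enforcing lets the boot go on. */
enum boot_action load_policy_or_halt(policy_loader load, int *enforce_out)
{
    int enforce = 0;
    int rc = load(&enforce);

    if (enforce_out)
        *enforce_out = enforce;
    if (rc == 0)
        return BOOT_CONTINUE;
    if (enforce > 0) {
        fprintf(stderr, "loadpolicy: load failed in enforcing mode, halting\n");
        return BOOT_HALT;
    }
    fprintf(stderr, "loadpolicy: load failed, not enforcing, continuing\n");
    return BOOT_CONTINUE;
}

/* Constructed stand-ins for the outcomes the real loader can report. */
static int stub_ok_enforcing(int *e)    { *e = 1; return 0; }
static int stub_fail_enforcing(int *e)  { *e = 1; return -1; }
static int stub_fail_permissive(int *e) { *e = 0; return -1; }

int main(void)
{
    policy_loader cases[] = { stub_ok_enforcing, stub_fail_enforcing,
                              stub_fail_permissive };
    const char *names[] = { "ok/enforcing", "fail/enforcing", "fail/permissive" };

    for (int i = 0; i < 3; i++) {
        int enforce = 0;
        enum boot_action a = load_policy_or_halt(cases[i], &enforce);
        printf("%-16s enforce=%d -> %s\n", names[i], enforce,
               a == BOOT_HALT ? "halt" : "continue");
    }
    return 0;
}
```

In a real initramfs the pointer passed in would be `selinux_init_load_policy` from `<selinux/selinux.h>`, linked with `-lselinux`.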