Enabling SELinux on a custom kernel
Stephen Smalley
sds at tycho.nsa.gov
Tue Jul 8 12:24:07 UTC 2008
On Tue, 2008-07-08 at 11:10 +0200, Jan Kasprzak wrote:
> Hello,
>
> how do I enable SELinux on a custom kernel? I have looked into
> the system initrd, and it seems the policy is loaded by the "loadpolicy"
> command in nash. Is it possible to use SELinux with Fedora without
> having to use initrd?
Prior to Fedora 9, Fedora used a patched /sbin/init program to perform
the initial policy load (it would load policy and then re-exec itself in
order to enter the correct domain). Fedora 9 switched over to loading
policy from the initrd.
Your options would seem to be:
- use an initrd (easiest),
- re-patch your /sbin/init program,
- try to do it from inittab or rc.sysinit (but the problem there is that
it doesn't get /sbin/init itself into the right domain).
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list