[fedora-arm] SELinux on F11 on ARM (in QEMU)?
Per Nystrom
pnystrom at netmagic.net
Wed Oct 21 20:43:33 UTC 2009
On Wed, 2009-10-21 at 15:38 -0400, Steve Grubb wrote:
> On Wednesday 21 October 2009 02:32:04 pm Per Nystrom wrote:
> > These are the only messages I see from dmesg:
> >
> > [root at fedora-arm ~]# dmesg | grep -i selinux
> > SELinux: Initializing.
> > SELinux: Starting in permissive mode
>
> OK, did some checking. SE Linux policy is loaded in the initrd in F-11. The
> reason why is because if its done from /etc/rc.sysinit, then init has the
> wrong context and that leads to lots of problems. So, you would need to boot
> via initrd to have selinux working. The initrd only needs to call load_policy
> and nothing else.
>
> Another approach used back in F-9/10 was to patch init itself to load policy.
> That patch could probably be pulled from cvs.
Which approach is likely to be supported in the ARM distribution going
forward? I'd rather keep things simple and not use an initrd, but I'd
like to know if that patch is going to make it into F11 ARM and later
releases.
Thanks,
Per
More information about the fedora-arm
mailing list