selinux hasn't been running for over a week

Steve Grubb sgrubb at redhat.com
Fri Sep 18 13:44:55 UTC 2009


Hi,

Just a couple clarifications for anyone implementing this.

On Friday 18 September 2009 07:34:29 am Daniel J Walsh wrote:
> Bottom line is a bug in the dracut scripts.  The scripts should execute
>  load_policy and if for ANY reason load_policy fails and the machine is in
>  enforcing mode the machine needs to crash.  (It should also log the
>  error).
> 
> If the kernel has SELinux and it is not in permissive mode, it should
>  execute load_policy

You mean if the machine is in permissive mode, it should load_policy, but not 
crash. But it should log the reason so it can be debugged.

> Load_policy will exit with 0 on success or 2 on failure and SELinux in
>  permissive mode.

And if chroot fails, we need to handle it.

-Steve 
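
The failure handling discussed in this message, as an added example that is not part of the original email and is not dracut's own code: shell functions that turn the exit status of the chrooted load_policy call into continue, warn or halt. The names policy_action, load_selinux_policy and NEWROOT, the /sbin/load_policy path, and the caller-supplied enforcing flag are assumptions; 125 to 127 are the statuses GNU chroot returns when it cannot run the command.

```shell
# Added example, not dracut's code. policy_action, load_selinux_policy and
# NEWROOT are hypothetical names; the load_policy path is an assumption.

# policy_action RC ENFORCING -> prints "continue", "warn" or "halt".
# RC is the exit status of: chroot "$NEWROOT" /sbin/load_policy -i
# ENFORCING is 1 when enforcing mode is in effect, 0 for permissive.
policy_action() {
    rc=$1
    enforcing=$2
    case "$rc" in
        0) echo continue; return 0 ;;
        125|126|127) why="chroot could not run load_policy" ;;
        2) why="load_policy reported a failed policy load" ;;
        *) why="load_policy exited unexpectedly" ;;
    esac
    # Always log the reason so the failure can be debugged.
    echo "SELinux: $why (exit status $rc)" >&2
    if [ "$enforcing" = 1 ]; then
        echo halt   # fail closed: never boot an enforcing system without policy
    else
        echo warn   # permissive: keep booting, the log line is the record
    fi
}

# How a hook might call it (defined only, not invoked here).
load_selinux_policy() {
    enforcing=$1
    rc=0
    chroot "$NEWROOT" /sbin/load_policy -i || rc=$?
    action=$(policy_action "$rc" "$enforcing")
    if [ "$action" = halt ]; then
        echo "SELinux: policy not loaded in enforcing mode, halting boot" >&2
        return 1
    fi
    return 0
}
```

The decision follows the caller-supplied mode, so any non-zero status, including a chroot failure, halts an enforcing boot and is only logged on a permissive one.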



