[Pkg-sysvinit-devel] Bug#330592: init segfault when /selinux exists but a policy can't be loaded

David Härdeman david at hardeman.nu
Thu Nov 2 10:05:40 CET 2006


On Wed, November 1, 2006 23:08, James Westby said:
> It seems clear that the actions I described do not trigger a segfault
> like the original report, however it is not clear to me that these
> actions are the ones from the original report.
>
> Ernest has stated that he did not have a policy installed, which I find
> very odd, as I believe SELinux will not try and load a policy if one has
> not been installed.

>From reading the source (of version -20), init will try to load a policy
provided that:

1) /selinux is available; and
2) selinuxfs can be successfully mounted on /selinux

The kernel command line options doesn't seem to matter for whether the
policies are loaded or not.

> Thinking about it now it is conceivable that the bug was fixed by a
> change in a different package, either:
>
>   * The kernel no longer tries to initialise SELinux by default (I doubt
>     it ever did though).
>
>   * SELinux used to try and load a policy even if one has not been
>     configured/installed.

    * One of the libraries that init depends on had a bug which has been
      fixed

-- 
David Härdeman





More information about the Pkg-sysvinit-devel mailing list