[Pkg-sysvinit-devel] Bug#580272: sysvinit: Does not load SELinux policy
Martin Orr
martin at martinorr.name
Thu May 6 22:32:06 UTC 2010
On Wed 5 May 20:07:23 2010, Petter Reinholdtsen wrote:
> [Martin Orr]
>> With sysvinit 2.88dsf-2 there are no such messages and policy is
>> never loaded.
>
> Hm, that is nasty. Any idea what is wrong with the relevant code in
> src/init.d? The current one look like this:
The differences between the old and new code are:
- the sense of the is_selinux_enabled() test is reversed
- /proc is mounted, but I think that this is irrelevant in my case
because /proc should be already mounted by the initrd.
Presumably the thinking here is that is_selinux_enabled() should return
1 on a system configured to use SELinux, 0 otherwise, and that the test
was previously broken because of not mounting /proc. However
is_selinux_enabled() only returns 1 after a policy has been loaded, so
it is of no use to init in trying to find out whether it should load an
initial policy.
> I do not know the selinux stuff myself, so I need help from someone
> who can test fixes. :)
I am happy to test things. I shall ask on the SELinux list and with
init upstream what init should be happening here.
Best wishes,
Martin Orr
More information about the Pkg-sysvinit-devel
mailing list