[Pkg-sysvinit-devel] Bug#580272: sysvinit: Does not load SELinux policy

Martin Orr martin at martinorr.name
Thu May 6 22:32:06 UTC 2010


On Wed  5 May 20:07:23 2010, Petter Reinholdtsen wrote:

> [Martin Orr]
>> With sysvinit 2.88dsf-2 there are no such messages and policy is
>> never loaded.
>
> Hm, that is nasty.  Any idea what is wrong with the relevant code in
> src/init.d?  The current one look like this:

The differences between the old and new code are:
- the sense of the is_selinux_enabled() test is reversed
- /proc is mounted, but I think that this is irrelevant in my case 
because /proc should be already mounted by the initrd.

Presumably the thinking here is that is_selinux_enabled() should return 
1 on a system configured to use SELinux, 0 otherwise, and that the test 
was previously broken because of not mounting /proc.  However 
is_selinux_enabled() only returns 1 after a policy has been loaded, so 
it is of no use to init in trying to find out whether it should load an 
initial policy.

> I do not know the selinux stuff myself, so I need help from someone
> who can test fixes. :)

I am happy to test things.  I shall ask on the SELinux list and with 
init upstream what init should be happening here.

Best wishes,
Martin Orr







More information about the Pkg-sysvinit-devel mailing list