|
Bugzilla – Full Text Bug Listing |
| Summary: | mkinitrd should be able to handle SELinux well | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE Linux 10.1 | Reporter: | Dr. Werner Fink <werner> |
| Component: | Basesystem | Assignee: | Hannes Reinecke <hare> |
| Status: | RESOLVED WONTFIX | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Enhancement | ||
| Priority: | P5 - None | CC: | bleher, werner |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | Customer | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | 131554 | ||
| Bug Blocks: | |||
|
Description
Dr. Werner Fink
2005-11-09 13:56:57 UTC
Told by Thomas Bleher <bleher@cip.ifi.lmu.de>: Sorry, but it does not work; mkinitrd-1.2-49 (ie the current development version) tries to load a policy version 15 from /etc/security/selinux which is both the wrong version (current policy version is 20) and wrong path (correct would be /etc/selinux/$POLICYTYPE/policy, where POLICYTYPE is something like "strict" or "targeted"). Of course, this could be solved, but I think only supporting loading policy via initrd is not good; there are many people (myself included) who don't use initrds at all; also, the current scheme requires an initrd rebuild on every policy change (which happens quite often while developing policy). But the more important point is that all other distributions supporting SELinux (that is Fedora, Gentoo and Debian) use the patch I linked to. I'm working on integrating SELinux into SUSE; I think it would be cool if SUSE supported SELinux out of the box with as little changes from other distros as possible (even if SELinux is disabled by default which would be OK) I'm closing this bug because according to Bug #132914, there will be no SELinux support in SUSE, so loading policy on boot is a moot point. |