Bugzilla – Bug 132907
mkinitrd should be able to handle SELinux well
Last modified: 2005-12-11 20:19:35 UTC
+++ This bug was initially created as a copy of Bug #131554 +++
Please add the following patch from Fedora to the sysvinit-package: http://cvs.fedora.redhat.com/viewcvs/devel/SysVinit/sysvinit-selinux.patch?view=markup This patch changes sysvinit to load SELinux policy at boot time if it is available (via libselinux). If SELinux is disabled, behaviour should be unchanged. This patch is needed for full SELinux support in openSUSE.
Told by Thomas Bleher <bleher@cip.ifi.lmu.de>: Sorry, but it does not work; mkinitrd-1.2-49 (i.e. the current development version) tries to load a policy version 15 from /etc/security/selinux, which is both the wrong version (current policy version is 20) and the wrong path (correct would be /etc/selinux/$POLICYTYPE/policy, where POLICYTYPE is something like "strict" or "targeted"). Of course, this could be solved, but I think only supporting loading policy via initrd is not good; there are many people (myself included) who don't use initrds at all; also, the current scheme requires an initrd rebuild on every policy change (which happens quite often while developing policy). But the more important point is that all other distributions supporting SELinux (that is Fedora, Gentoo and Debian) use the patch I linked to. I'm working on integrating SELinux into SUSE; I think it would be cool if SUSE supported SELinux out of the box with as few changes from other distros as possible (even if SELinux is disabled by default, which would be OK).
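The path and version mismatch described in the comment above, as an added shell example that is not part of the bug report, of mkinitrd or of the Fedora patch: it resolves the policy file from configuration instead of hardcoding a directory and version. Assumed, not stated on the page: the policy type comes from a SELINUXTYPE= line in /etc/selinux/config, policy files are named policy.<version> inside the policy directory, and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# resolve_policy ROOT MAXVER
# Prints the newest policy file under ROOT that a kernel supporting policy
# versions up to MAXVER can load. MAXVER would normally be read from the
# selinuxfs "policyvers" file; it is a parameter here so the check runs offline.
resolve_policy() {
    root=$1 maxver=$2
    conf="$root/etc/selinux/config"
    [ -r "$conf" ] || { echo "no $conf: SELinux not configured" >&2; return 2; }

    # Assumption: the policy type is given as SELINUXTYPE=<name>; last one wins.
    type=$(sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' "$conf" | tail -n 1)
    [ -n "$type" ] || { echo "SELINUXTYPE not set in $conf" >&2; return 2; }

    best=0 bestpath=
    for f in "$root/etc/selinux/$type/policy"/policy.*; do
        [ -f "$f" ] || continue                       # glob matched nothing
        ver=${f##*.}
        case $ver in ''|*[!0-9]*) continue ;; esac    # skip non-numeric suffixes
        if [ "$ver" -le "$maxver" ] && [ "$ver" -gt "$best" ]; then
            best=$ver bestpath=$f
        fi
    done
    [ -n "$bestpath" ] || { echo "no loadable policy for type '$type'" >&2; return 1; }
    printf '%s\n' "$bestpath"
}

# make_demo_tree: builds a constructed root with a "strict" policy in versions
# 19-21 plus a stale policy.15 in the old /etc/security/selinux location.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/selinux/strict/policy" "$d/etc/security/selinux"
    printf 'SELINUX=enforcing\nSELINUXTYPE=strict\n' > "$d/etc/selinux/config"
    for v in 19 20 21; do : > "$d/etc/selinux/strict/policy/policy.$v"; done
    : > "$d/etc/security/selinux/policy.15"
    printf '%s\n' "$d"
}
```

With the constructed tree, `resolve_policy "$(make_demo_tree)" 20` selects the version 20 file under the strict policy directory and never looks at the stale version 15 file in /etc/security/selinux.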
I'm closing this bug because according to Bug #132914, there will be no SELinux support in SUSE, so loading policy on boot is a moot point.