On Tuesday 25 August 2009 13:51:14 Manoj Srivastava wrote:
>         Suse actually copies the file over into the initramfs, instead
>  of moving the file from /usr/sbin to /sbin; since the only place this
>  is even marginally useful is before init has started; init loads
>  selinux policy directly without needing load_policy, and re-exec's
>  itself.
>
>         Given that it is useful during very early boot before init is
>  started, it would be a good solution to add this file to the
>  initramfs. Otherwise even people not using initramfs will have a larger
>  /

Actually it is not useful at all to do such things before init is started.

All processes that run before init have super-user access.  There is no benefit 
in confining them.

init is quite good at loading the policy.  We only need to load it 
automatically in one place.  init is about initialising the system, this 
includes loading the policy.

The smallest possible size of the root filesystem will be achieved if init is
the only code on it that loads policy.  Having several copies of load_policy
in the various initramfs files (backup files, files for Xen and non-Xen
kernels, and for different kernel versions) takes more space on /boot (which
is often the root filesystem).

We have had init loading the policy for years, there is no problem with this.  
There is no need for a change.


