On 05/24/2018 01:48 AM, shagun maheshwari wrote:
> Hi,
>
> We have done changes in our Centos7.4 to disable the unconfined user from our
> code. We have created an iso in which we have replaced unconfined with sysadm
> and we are performing an upgrade using the new iso.
> After upgrade current partition stop working. It started expecting policies
> for unconfined when we perform reboot things started working fine again.
> We are suspecting some issues with this command "load_policy -qi" when this
> command is being executed on partB in permissive mode and after we move the
> system to enforcing mode. It starts giving denials for unconfined.
>
> Can you explain what exactly load_policy do?
> Does it load the policies for all the partitions of the system?
load_policy always loads the active system policy as defined by
/etc/selinux/config. If you want it to load a policy from another partition
you need to run it under chroot or a filesystem namespace such that it uses
/etc/selinux from the other partition. It only loads one policy though, not
multiple.
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.