On Wed 12 May 13:17:46 2010, Petter Reinholdtsen wrote:
[Michal Svoboda]
And why we want that? Because the function checks if we already have
a policy loaded in the kernel. 1 means yes, 0 means no and -1 means
no as well. No need to mess with mounting /proc ;-)
Can you test this patch and let
[Michal Svoboda]
> And why we want that? Because the function checks if we already have
> a policy loaded in the kernel. 1 means yes, 0 means no and -1 means
> no as well. No need to mess with mounting /proc ;-)
Can you test this patch and let me know if it work?
Index: src/init.c
===
Martin Orr wrote:
> The differences here are that the new code ensures that /proc is
> mounted, and !is_selinux_enabled() becomes (is_selinux_enabled() >
> 0).
> I think the change was due to this:
> http://thread.gmane.org/gmane.comp.security.selinux/13320
> (is_selinux_enabled() returns -1 if /
With sysvinit 2.88 my SELinux policy is not loaded on boot; with
sysvinit 2.87 everything worked fine. I am running Debian; my
initramfs mounts /proc but does not know about SELinux.
Here are the two pieces of code:
Old code:
if (getenv("SELINUX_INIT") == NULL && !is_selinux_enabled()) {
4 matches
Mail list logo