On Thu, Feb 20, 2014 at 2:45 PM, Daniel J Walsh <dwa...@redhat.com>
wrote:
You mean
"!in_initrd() || access(selinux_path(), F_OK) >= 0"?
I don't think so - that would mean we would silently continue if
enforcing=1, but we happen to not find a policy on disk. Right?
I think my patch is better than this - systemd will attempt to load
policy from *only* the real root (not the initramfs), using the exact
same logic as is in libselinux currently.
For example, it would allow explicitly specifying enforcing=1 on the
kernel command line, and that would continue to cause an explicit
failure if policy is not found.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel