On Fri, 10.02.12 16:31, Roberto Sassu (roberto.sassu@xxxxxxxxx) wrote:
>
> Hi Mimi
>
> i'm CCing the systemd and Fedora SELinux mailing lists.
>
> Unfortunately, the SELinux policy initialization (at least
> in Fedora 16) has been moved to systemd, so, now, loading an
> IMA policy cannot be done in the initial ramdisk.
>
> Further, the SELinux policy loading code is not in a unit file
> but embedded in the main binary, which means that the new code for
> loading IMA policies must be added just after that point.
>
> I already wrote a patch for this. I need some time to test it
> and will post in the systemd mailing list at the beginning of
> the next week.
Hmm, what is this about? You need a place to load additional security
policies into the kernel at early boot? For SELinux that indeed takes
place from within PID 1 now in systemd. I'd expect that other security
technologies like AppArmor should work the same.
If you want to hack on this basing your work on selinux-setup.c in the
systemd tree should be fairly easy.
Lennart
--
Lennart Poettering - Red Hat, Inc.
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Home]
[Linux USB Devel]
[Video for Linux]
[Linux Audio Users]
[Photo]
[Yosemite News]
[Yosemite Photos]
[Free Online Dating]
[Linux Kernel]
[Linux SCSI]
[XFree86]
