diff options
author | Colin Walters <walters@verbum.org> | 2014-02-21 03:29:00 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-02-21 03:30:18 +0100 |
commit | 37f78db2f4a33474fc349f406b0a0a48e9c573a2 (patch) | |
tree | 9dccace64bf1c211d0dac096baa2675936d3d3d8 /src/core/audit-fd.h | |
parent | fdc8509fb61965698b7a54e3d0ac094650f21cad (diff) |
selinux: Don't attempt to load policy in initramfs if it doesn't exist
Currently on at least Fedora, SELinux policy does not come in the
initramfs. systemd will attempt to load *both* in the initramfs and
in the real root.
Now, the selinux_init_load_policy() API has a regular error return
value, as well as an "enforcing" boolean. To determine enforcing
state, it looks for /etc/selinux/config as well as the presence of
"enforcing=" on the kernel command line.
Ordinarily, neither of those exist in the initramfs, so it will return
"unknown" for enforcing, and systemd will simply ignore the failure to
load policy.
Diffstat (limited to 'src/core/audit-fd.h')
0 files changed, 0 insertions, 0 deletions