How-to, SELinux+Upstart
Martin Uecker
muecker at gmx.de
Mon Jul 16 20:45:10 BST 2007
Hi,
why not use the load_policy binary? It should be moved from
/usr/sbin to /sbin for this to work when /usr is a different
partition from / or copied to the initramfs. The following
seems to work for me (but I haven't enabled enforcing mode
yet).
Greetings,
Martin
$ cat /etc/initramfs-tools/scripts/init-bottom/selinux
#! /bin/sh
# load selinux policy
PREREQ=""
prereqs () {
echo "$PREREQ"
}
case $1 in
prereqs)
prereqs
exit 0
;;
esac
. /scripts/functions
. /root/etc/selinux/config
# Check config variables here?
log_begin_msg "Mounting selinuxfs"
mount -t selinuxfs none /root/selinux
log_end_msg
log_begin_msg "Loading selinux policy"
# load_policy should be moved to /sbin
chroot /root /usr/sbin/load_policy
log_end_msg
exit 0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : https://lists.ubuntu.com/archives/upstart-devel/attachments/20070716/b367c112/attachment.pgp
More information about the upstart-devel
mailing list