Hi<br><br>I was looking around on the initramfs to try to understand how you will load the policy at that point in the boot process, using the selinux_init_load_policy() from libselinux would be ideal since it does everything for you, but you would have to boot without the 'ro' flag otherwise it wont be able to write to syslog, or rewrite code that already exists in libselinux? or load the libraries and shared objects onto initramfs for the executable? Could you please clarify to me how this would be done from initramfs?
<br><br>Also when running this pre-init executable, after a successful policy load and a relabel, init which replaces the pre-init will have the context system_u:system_r:init_t , so it get's into the right context, though it will show as '/sbin/pre-init' in 'ps Zaux'.
<br><br><br>Updated this pre-init for those who want to try it :<br><br>#include <unistd.h><br>#include <selinux/selinux.h><br>#include <stdio.h><br><br>int main(int argc, char *argv[]) {<br> int enforce = 0;
<br><br> if ( ! getenv("SELINUX_INIT") ) {<br> putenv( "SELINUX_INIT=YES" );<br><br> if( selinux_init_load_policy(&enforce) == 0 ) {<br> printf("SELinux: Policy loaded successfully.");
<br> execv("/sbin/init", argv);<br><br> } else if( enforce > 0 ) {<br> printf("SELinux: Enforcing mode enabled but load_policy failed.");
<br> }<br> } else {<br> execv("/sbin/init", argv);<br> }<br> return 0;<br>}<br><br>-----------<br><br>Thanks<br><br>