On Fri, 10.02.12 16:31, Roberto Sassu ([email protected]) wrote: > > Hi Mimi > > i'm CCing the systemd and Fedora SELinux mailing lists. > > Unfortunately, the SELinux policy initialization (at least > in Fedora 16) has been moved to systemd, so, now, loading an > IMA policy cannot be done in the initial ramdisk. > > Further, the SELinux policy loading code is not in a unit file > but embedded in the main binary, which means that the new code for > loading IMA policies must be added just after that point. > > I already wrote a patch for this. I need some time to test it > and will post in the systemd mailing list at the beginning of > the next week.
Hmm, what is this about? You need a place to load additional security policies into the kernel at early boot? For SELinux that indeed takes place from within PID 1 now in systemd. I'd expect that other security technologies like AppArmor should work the same. If you want to hack on this basing your work on selinux-setup.c in the systemd tree should be fairly easy. Lennart -- Lennart Poettering - Red Hat, Inc. _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
