On Fri, 2014-04-25 at 18:26 -0400, Will Woods wrote: > Currently, systemd refuses to load SELinux policy more than once. > > Normal systems don't care, because they either: > a) have initramfs without policy, then load policy after switch-root, or > b) load policy in initramfs, and never switch-root out. > > But if you *do* switch-root more than once - which fedup does! - you're > supposed to run selinux_init_load_policy() afterward to ensure that you set up > selinuxfs and load the new SELinux policy correctly.
For reference, here's the thread from [email protected] where this was discussed: http://marc.info/?l=selinux&m=139782596307221&w=2 The upshot is: yes, we're supposed to do selinux_init_load_policy() after *every* switch-root. -w _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
