Re: Bug#545691: diverting telinit
On Mon, Oct 26 2009, Bastian Blank wrote:
> Policy is not coupled with init or the libs. This is a problem between
> the kernel and the policy tools.
This is not totally true: init loads the initial policy, and
that means that linking with new versions of selinux libs makes a
difference at startup. It is, however, irrelevant for upgrades --
unless changes in the future libsepol and/or libselinux and init
expand init's role in security.
Which is why currently, as I have said before, re-execing init
is opportunistic. This may or may not be the case in the future.
Am I not getting through, somehow? Have I not re-iterated that
the current situation does not absolutely require init to be re-exec'd,
but it is not unfathomable that it might be in the future? And that
potential is why I brought it up in the first place?
Anyway, I am done addressing this red herring, shiny though it be.
[Crash programs] fail because they are based on the theory that, with
nine women pregnant, you can get a baby a month. -- Wernher von Braun
Manoj Srivastava <email@example.com> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C