Re: Parallellizing the boot in Debian Squeeze - ready for wider testing

On Sun, May 09, 2010 at 02:45:39PM -0700, Manoj Srivastava wrote:
>         One of my concerns about upstart is that systems that want to
>  use SELinux and upstart _have_ to also use an initramfs, which is yet
>  another component of the system that has to be audited.  There have
>  been patches proposed, and semi-rejected b the upstart folks, who are
>  of the opinions that only systems using initramfs need apply.

>         The bug report in question is #543420, please read it for the
>  details (I am arguably biased). I am also willing to re-work the patch
>  to not link with libsepol, so minimizing the dependencies to
>  libselinux. 

In speaking with upstart upstream, I understand that the argument against
linking to libselinux is that, as the kernel is neutral wrt the choice of
LSM, the init process should be also.  Linking it against libselinux would
not be LSM-neutral.

And you don't have to use an initramfs; the same result could be achieved
with a shim init on the root filesystem that does nothing but set up the
SELinux context correctly and then exec upstart.

