On Wednesday 31 December 2008 08:09, Frans Pop <elen...@planet.nl> wrote: > > I think this needs to be at Priority: standard as a necessary step in > > SELinux bootstrapping, but I realize this is contentious. > > Not really. SELinux is not even close to functional after a standard > installation. For one thing, it gets installed *after* the initrd gets > generated and the initrd does not get regenerated, so the admin has to do > that manually after rebooting into the installed system.
There is no need to regenerate an initrd in Debian. Having a modified initrd for SE Linux was an experiment that I tried in about 2003, and I determined it to be a failure. Among other things relying on an initrd meant that platforms without initrd support (such as Cobalt) would not support SE Linux. http://etbe.coker.com.au/2008/07/24/se-linux-policy-loading/ The recent plans by Red Hat and Ubuntu to modify an initramfs instead of modifying upstart is something that I consider to be a great mistake (see the above URL for more information). I will personally write a SE Linux patch for every package that provides /sbin/init in Debian which becomes generally supported (IE not in experimental). -- russ...@coker.com.au http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
