On Mon, Oct 26 2009, Bastian Blank wrote:

> Policy is not coupled with init or the libs. This is a problem between
> the kernel and the policy tools.

This is not totally true: init loads the initial policy, and that means that linking with new versions of selinux libs makes a difference at startup. It is, however, irrelevant for upgrades -- unless changes in the future libsepol and/or libselinux and init expand init's role in security. Which is why currently, as I have said before, re-execing init is opportunistic. This may or may not be the case in the future.

Am I not getting through, somehow? Have I not re-iterated that the current situation does not absolutely require init to be re-exec'd, but it is not unfathomable that it might be in the future? And that potential is why I brought it up in the first place?

Anyway, I am done addressing this red herring, shiny though it be.

manoj
--
[Crash programs] fail because they are based on the theory that, with nine women pregnant, you can get a baby a month. -- Wernher von Braun
Manoj Srivastava <sriva...@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C