On Mon, Oct 26, 2009 at 01:28:33PM -0500, Manoj Srivastava wrote:
> On Mon, Oct 26 2009, Bastian Blank wrote:
> > Policy is not coupled with init or the libs. This is a problem between
> > the kernel and the policy tools.
> This is not totally true: init loads the initial policy, and
> that means that linking with new versions of selinux libs makes a
> difference at startup. It is, however, irrelevant for upgrades --
We are currently speaking about upgrades. And I doubt that init have the
permission to load the policy again after transiting away from the
initial startup role.
> Which is why currently, as I have said before, re-execing init
> is opportunistic. This may or may not be the case in the future.
No. It is not. All the re-exec init calles are only to start it with
new libs and there is no change visible for that role.
Bastian
--
In the strict scientific sense we all feed on death -- even vegetarians.
-- Spock, "Wolf in the Fold", stardate 3615.4
--
To UNSUBSCRIBE, email to debian-policy-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
