On Thu, 2004-04-08 at 13:04, Valdis.Kletnieks@vt.edu wrote:
> What would be the upgrade path when installing a new kernel? Would there be an
> option for the policy tools similar to the current mkinitrd, that allows you to
> specify the kernel version to use (so you can build an initrd for the kernel
> you're about to try to boot)?

Yes, I think so. Might be a front-end wrapper for checkpolicy that calls the right checkpolicy-{kernelrelease} binary to generate the policy for that kernel release.

> What would the scheme be if you had to for some reason boot an older kernel
> (for instance, having to drop back to 2.6.5-mm1 because -mm2 is b0rked for
> something)?

If you include the kernel release in the policy pathname (e.g. /etc/security/selinux/`uname -r`/policy), as with kernel modules (/lib/modules/`uname -r`), then the old policy should still be there and should be used by the older kernel if you reboot it.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.