SELinux Mailing List

Re: Policy backward compatibility

From: Valdis.Kletnieks_at_vt.edu
Date: Thu, 08 Apr 2004 13:04:49 -0400


On Thu, 08 Apr 2004 09:21:35 EDT, Stephen Smalley said:

> seems inconsistent with typical kernel practice. James has proposed
> dropping the backward compatibility support, and requiring that every
> installed kernel have a suitable binary policy installed, possibly
> encoding the associated kernel release (e.g. output of uname -r) in the
> binary policy pathname (and possibly doing likewise for the checkpolicy
> program?).
>
> Thoughts?

What would be the upgrade path when installing a new kernel? Would there be an option for the policy tools similar to the current mkinitrd, that allows you to specify the kernel version to use (so you can build an initrd for the kernel you're about to try to boot)? The other option is having to boot into some sort of single-user mode and then do the make reload/relabel before continuing to multiuser.

What would the scheme be if you had to for some reason boot an older kernel (for instance, having to drop back to 2.6.5-mm1 because -mm2 is b0rked for something)?

Received on Thu 8 Apr 2004 - 13:04:57 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service