On Saturday 20 September 2008 1:22:31 pm Arjan van de Ven wrote:
> On Sat, 20 Sep 2008 13:13:38 -0400
> Kyle McMartin <kyle(a)redhat.com> wrote:
> > > On further consideration, though, the biggest issue with kicking
> > > out the initrd is getting the policy loaded.
>
> /me wonders about the option of having selinux using
> request_firmware() to get its policy

I've started ignoring most of the firmware loading threads a while ago
so I've kinda lost most of the plot there ... a few questions:

* Is the firmware request asynchronous?
* Is there currently a way, or at least nothing in the way that would
  prevent a mechanism from being created, to pause the boot process until
  the policy/firmware is loaded? I ask because we would want to make
  sure that SELinux policy was loaded before any services are started.

Regardless, we would still need to keep the current policy loading
mechanism in place since we can't break userspace. You should post
this idea on the SELinux list to get some further thought on this ...

--
paul moore
linux @ hp