Bug 463117 - RFE: Have SELinux use request_firmware for it's policy
RFE: Have SELinux use request_firmware for it's policy
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jack Rieden
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-21 18:09 EDT by Arjan van de Ven
Modified: 2012-05-24 12:55 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-24 12:55:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Arjan van de Ven 2008-09-21 18:09:06 EDT
Description of problem:

currently SELinux is requiring an initrd to load the initial policy. This is just about the last thing that makes systems need an initrd. initrd's add a significant amount of time to the boot process, so it's worth eliminating them for the common cases.

A good solution could be if SELinux would use request_firmware() to load the policy. (this can be done after mounting / etc)

A positive side effect of this is that SElinux then suddenly can benefit as well from all the improvements made in the recent past (and in the future) of the firmware loader (such as optionally building the policy into the kernel transparently etc etc)
Comment 1 John Poelstra 2008-09-22 11:42:00 EDT
Not sure who this bug should be assigned to... kernel-maint or one of the SELinux developers?
Comment 2 James Morris 2009-04-13 19:47:21 EDT
I thought this had been discussed at some point, but can't recall the outcome.
Comment 3 Stephen Smalley 2009-04-14 09:11:47 EDT
Take it up on selinux list.
It would help if the proposal were a bit more concrete and/or someone were to actually prototype it and compare it against the current method.

Note You need to log in before you can comment on or make changes to this bug.