Bug 463117 - RFE: Have SELinux use request_firmware for it's policy
Summary: RFE: Have SELinux use request_firmware for it's policy
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jack Rieden
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-09-21 22:09 UTC by Arjan van de Ven
Modified: 2012-05-24 16:55 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-05-24 16:55:00 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Arjan van de Ven 2008-09-21 22:09:06 UTC 
Description of problem:

currently SELinux is requiring an initrd to load the initial policy. This is just about the last thing that makes systems need an initrd. initrd's add a significant amount of time to the boot process, so it's worth eliminating them for the common cases.

A good solution could be if SELinux would use request_firmware() to load the policy. (this can be done after mounting / etc)

A positive side effect of this is that SElinux then suddenly can benefit as well from all the improvements made in the recent past (and in the future) of the firmware loader (such as optionally building the policy into the kernel transparently etc etc)
Comment 1 John Poelstra 2008-09-22 15:42:00 UTC 
Not sure who this bug should be assigned to... kernel-maint or one of the SELinux developers?
Comment 2 James Morris 2009-04-13 23:47:21 UTC 
I thought this had been discussed at some point, but can't recall the outcome.
Comment 3 Stephen Smalley 2009-04-14 13:11:47 UTC 
Take it up on selinux list.
It would help if the proposal were a bit more concrete and/or someone were to actually prototype it and compare it against the current method.
Note You need to log in before you can comment on or make changes to this bug.