Initialization Changes
-
Early initialization for security modules.
- Required for SELinux to set up security state for all kernel
objects.
- Replaced SELinux-specific patch with a security initcall patch
created for LSM by Chris Wright of WireX.
-
Initial policy load
- Reworked API to move initial policy load to userspace.
- Presently performed via an initrd, may migrate to
initramfs.
- Set up existing superblocks and inodes after initial load.