On 10-01-22 13:29:11, Bruno Wolff III wrote: > On Fri, Jan 22, 2010 at 13:15:04 -0500, > Tony Nelson <tonynelson@xxxxxxxxxxxxxxxxx> wrote: > > > > Put SELinux into Permissive mode for single-user mode? Or just > > print a suggestion to do that? (I'd think that SELinux would > > normally be perceived as an obstacle to the normal uses of single- > > user mode.) > > I think doing it automatically is a bad idea. It doesn't save much > over typing "setenforce 0". It does however reduce the security of > the system if you do it by default and there is a vulnerable window > before you get "setenforce 1" entered. What external threats is the system vulnerable to in single-user mode? Networking is off and there are no other users. The only threat I know of is PEBKAC. > The notice seems odd, but I don't think it would cause actual > problems. I just think it would be odd to know to boot to run level 1 > without knowing how to set selinux to permissive mode. 1) not when you're just starting out. 2) not when you're hurrying because an important system won't boot. 3) not when you forgot about selinux. The notice should print only when /selinux/enforce exists and contains "1" (/usr may not be mounted, so we can't depend on /usr/sbin/ sestatus at that time). -- ____________________________________________________________________ TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx> ' <http://www.georgeanelson.com/> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel