Rahul Sundaram wrote:
Stephen Smalley wrote:
On Mon, 2005-12-05 at 05:49 -0800, Steve G wrote:
Hence, I would have expected init to log the "Enforcing mode
requested but no policy loaded. Halting now." message (from
sysvinit-selinux.patch) and then exit normally.
I think for lspp we want it to go to a console prompt where the
admin can
investigate the problem and make repairs.
The admin already has options there:
- boot with init=bash to bypass init altogether, or
- boot with enforcing=0 single to prevent init from halting if it cannot
load policy and only come up single-user.
But the proper behavior if policy cannot be loaded and the system is in
enforcing mode is to halt.
Wouldnt it be better to continue booting by automatically setting
SELinux into permissive or disabled state while throwing out warnings
at bootup and in the logs?.
regards
Rahul
No because this would break your security. It might be arguable if it
should bring it to single user mode though.
--
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
