Re: Request to re-add option to disable SELinux - compromise

Peter Jones wrote:
jeff wrote:

Mr. Cox, do you see any *technical* problems with the selinux=0 passed to anaconda passed to grub.conf proposal?

If you pass selinux=0 to anaconda, you don't get selinux.  It's been
that way since 13-Apr-2004. Did we break it? It doesn't appear to have been broken intentionally, but I don't try it regularly either, since

With selinux=0 in grub, in dmesg you get:

Security Framework initialized
SELinux:  Disabled at boot.
Capability LSM initialized



Without selinux=0 in grub:
Security Framework initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode
selinux_register_security:  Registering secondary module capability
Capability LSM initialized as secondary
...
SELinux:  Registering netfilter hooks
...
SELinux:  Disabled at runtime.
SELinux:  Unregistering netfilter hooks


> Does the system boot up correctly afterwards?

Yes, assuming the "Starting in permissive mode" is correct.


> What does "getenforce"  say when you run it?

"Disabled"


I don't know what the ramifications are, but it definitely has different behaviour if you disable using selinux=0 than if you don't. I see no reason why it should be loaded, initialized, etc. if it isn't wanted.

Thanks,

-Jeff

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
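
An added example, not part of the original message: a shell sketch that tells apart the two cases shown in the dmesg excerpts above, SELinux disabled at boot by selinux=0 versus SELinux initialized and then disabled at runtime. The function names and result strings are assumptions made for this example; the sample log lines are copied from the message.

```shell
#!/bin/sh
# Added example. Function names and result strings are assumptions for illustration.

# Kernel log lines copied from the message above (selinux=0 on the kernel command line).
SAMPLE_BOOT='Security Framework initialized
SELinux:  Disabled at boot.
Capability LSM initialized'

# Kernel log lines copied from the message above (no selinux=0).
SAMPLE_RUNTIME='Security Framework initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode
selinux_register_security:  Registering secondary module capability
Capability LSM initialized as secondary
SELinux:  Registering netfilter hooks
SELinux:  Disabled at runtime.
SELinux:  Unregistering netfilter hooks'

# Read kernel log text on stdin and print one classification word.
classify_selinux_boot() {
    awk '
        /SELinux: +Disabled at boot/    { boot = 1 }
        /SELinux: +Initializing/        { init = 1 }
        /SELinux: +Disabled at runtime/ { runtime = 1 }
        END {
            if (boot && !init)        print "disabled-at-boot"
            else if (init && runtime) print "initialized-then-disabled"
            else if (init)            print "initialized"
            else                      print "unknown"   # e.g. ring buffer rotated
        }'
}

# Return 0 if the given kernel command line string contains the selinux=0 token.
cmdline_disables_selinux() {
    for arg in $1; do
        if [ "$arg" = "selinux=0" ]; then return 0; fi
    done
    return 1
}

printf '%s\n' "$SAMPLE_BOOT" | classify_selinux_boot
printf '%s\n' "$SAMPLE_RUNTIME" | classify_selinux_boot
```

On a live system, pipe `dmesg` into `classify_selinux_boot` and pass the contents of /proc/cmdline to `cmdline_disables_selinux`.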
