-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeremy Katz wrote: > On Fri, 2008-07-11 at 19:07 -0300, jeff wrote: >> I don't know what the ramifications are, but it definitely has different >> behaviour if you disable using selinux=0 than if you don't. I see no reason why >> it should be loaded, initialized, etc. if it isn't wanted. > > Because relying on boot options is a great way to cause problems for > yourself later on down the line. If you boot with selinux=0, the > installer disables SELinux for the installed system. The fact that we > use a better and more persistent means of disabling it and also one that > can be reversed if you later decide that you want SELinux is a > *positive* thing. > > Jeremy > Also there is little difference between "selinux=0" and selinux=disabled in the /etc/selinux/config file. The init process checks the config file for this entry and then tells the kernel to disable all SELinux components. selinux=0 disables all SELinux components before init runs. At the time init is running there is no loaded policy, so pretty much SELinux is disabled. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkh7SwEACgkQrlYvE4MpobPhXgCcDn48xGhOVhi292Qy43g235Fp eucAoJzCsnIL0RYHYdOqiCYutcdeNBEE =8qoI -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
