Re: Request to re-add option to disable SELinux - compromise

Jeremy Katz wrote:
> On Fri, 2008-07-11 at 19:07 -0300, jeff wrote:
>> I don't know what the ramifications are, but it definitely has different 
>> behaviour if you disable using selinux=0 than if you don't. I see no reason why 
>> it should be loaded, initialized, etc. if it isn't wanted.
> 
> Because relying on boot options is a great way to cause problems for
> yourself later on down the line.  If you boot with selinux=0, the
> installer disables SELinux for the installed system.  The fact that we
> use a better and more persistent means of disabling it and also one that
> can be reversed if you later decide that you want SELinux is a
> *positive* thing.
> 
> Jeremy
> 
Also, there is little difference between "selinux=0" and selinux=disabled
in the /etc/selinux/config file.

The init process checks the config file for this entry and then tells
the kernel to disable all SELinux components.  selinux=0 disables all
SELinux components before init runs.  At the time init is running there
is no loaded policy, so pretty much SELinux is disabled.


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
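
The two disabling mechanisms compared in the message above can be told apart on a given system with a check like the following. This is an added example, not part of the original post or of any Fedora tool; the function names are hypothetical, the config key is assumed to be written SELINUX=disabled, and "last occurrence wins" for repeated entries is an assumption.

```shell
#!/bin/sh
# Added example: report which mechanism, if any, disables SELinux.
# Usage: selinux_disable_source [cmdline-file] [config-file]
# Paths are parameters so the check can also run on copies taken from
# another host; the defaults are the live files.

# Print the value of the last selinux= token on the kernel command line,
# or nothing when the option is absent (assumption: last token wins).
cmdline_selinux() {
    tr -s ' \t' '\n' < "$1" | sed -n 's/^selinux=//p' | tail -n 1
}

# Print the lower-cased value of the last uncommented SELINUX= line.
# Commented-out lines and SELINUXTYPE= do not match the pattern.
config_selinux() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Print one of: boot-option, config-file, both, none.
#   boot-option  selinux=0 was passed to the kernel; this lasts only as
#                long as the boot loader entry carries the option
#   config-file  the persistent setting read by init
selinux_disable_source() {
    cmdline=${1:-/proc/cmdline}
    config=${2:-/etc/selinux/config}
    boot=$(cmdline_selinux "$cmdline")
    conf=""
    # A missing config file simply means no persistent setting was found.
    if [ -r "$config" ]; then
        conf=$(config_selinux "$config")
    fi
    if [ "$boot" = "0" ] && [ "$conf" = "disabled" ]; then
        echo both
    elif [ "$boot" = "0" ]; then
        echo boot-option
    elif [ "$conf" = "disabled" ]; then
        echo config-file
    else
        echo none
    fi
}
```

A result of boot-option is the case to watch for in an audit: SELinux is off for this boot, but nothing in /etc/selinux/config records that.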
