On Wed, Mar 10, 2004 at 03:27:52AM -0500, Richard Hally wrote: > Fwiw, in grub I set up duplicate sections for a permissive kernel and an > enforcing kernel using ENFORCING on the title line and enforcing=1 on the > kernel line. > > Richard Hally > > <Snip> > > Also I have taken to adding an alternate boot section in > > /boot/grub/grub.conf. Is this useful, useless, sane, silly, > > underkill, overkill. Thus...: > > Grub is really good for allowing you to edit the kernel command line before > booting it. So if you have problems you can always tell it to boot the > kernel with selinux=0 appended even if that is not in your grub.conf. > > If you accidentally boot a non-SE kernel then /etc/mtab and a few other > files will get the wrong label, which will be really annoying for you. We are > working on these issues, but in the mean-time you probably don't want to > make it too easy to accidentally boot a non-SE kernel. Good to know.... I like the enforcing difference... I will move that way. Setting enforcing to true is the next thing on my list. Thank to all. Later, tom -- T o m M i t c h e l l /dev/null the ultimate in secure storage.
