Richard Hally wrote:

>Bob Gustafson wrote:
snip
>
>> Maybe the grub kernel line overrides whatever is in this file? Perhaps the
>> information in this file controls the boot situation when there is no
>> additional boot grub parameter?
>>
>
>Yes, the kernel line overrides the /etc/sysconfig/selinux. Correct on
>the second part also.

Booting with 'selinux=1 enforcing=1' seems to be the most straightforward at the moment - since it overrides everything else.

[too bad there is a spelling difference between the boot parameter 'enforcing=1' and the disk filename '/selinux/enforce'.

Also too bad about the difference between the binary nature of the boot parameter 'selinux=1' and the trinary nature of the disk file contents of '/etc/sysconfig/selinux'.

A possible point of confusion for newbie testers.
]

-----

Actual life experience:

I rebuilt the 349 kernel with a slightly different .config (with 1394 and telephony) and added the 'selinux=1 enforcing=1' to the grub line. Then boot.

During the boot sequence, there are still a number of audit messages - the last involving udev with a pid of 2622. This was the last message. I thought I could hear the disk moving around - maybe more audit messages were being rejected by the caching, etc.

Went down to have a coffee. When I came back, the screen was the same.

Was it reasonable (??) to think that my string of successes with enforcing=1 SELinux had come to an end? There it was on the screen - a screen full of audit denied messages - and nothing further.

In the process of fumbling for the power switch, I touched the keyboard (return probably). Lo & Behold - the login: prompt appeared. The system had not (yet) reached its final denied!

[Perhaps this was the situation in my earlier experience where I got to the power switch first]

BobG