-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > From: owner-selinux@xxxxxxxxxxxxx [mailto:owner-selinux@xxxxxxxxxxxxx] > On Behalf Of Stephen Smalley > It would be more useful to just build a kernel with a config that > disabled the support for permissive mode and runtime disable > altogether; Is this the current recommended way of preventing SELinux from being switched off? There's a FAQ somewhere that used suggest disabling a particular macro in the policy build (which I can't recall off the top of my head) but by the time I got around to trying it out it on a test system the technique no longer worked. Cheers, Waider. - -- Ronan Waide / waider@xxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHst0lBK4+zUKLsUkRAh5iAJ0YsGzYawUdra5uqxPQD5nJTzQU+wCfWU5D dRfh+aboTpBtCW4q8+6TlT0= =hU46 -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
