Has the boot param syntax/semantics changed?
Bob Gustafson
bobgus at rcn.com
Tue Jun 29 13:15:49 UTC 2004
Yeah, got it.
I have my params set to:
[root at hoho2 etc]# cat selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=permissive
SELINUXTYPE=strict
Also just for good measure - my boot params are 'selinux=1 enforcing=0'
Would be nice if the routines parsing these values would holler out if
there are syntax errors (or manual mis-readings.., incorrect values, etc.)
BobG
On Mon, 28 Jun 2004 20:58:10 -0700, Tom London wrote:
>Yeah, you don't want to set SELINUXTYPE to permissive. That appears to
>be the
>same as selecting the 'targeted' policy. (I guess, 'not strict').
>(The comment in the config file says SELINUXTYPE can take one of two
>values, targeted or strict).
>
>To select permissive mode, you set SELINUX=permissive. For me, setting
>SELINUX to permissive is the same as booting with 'enforcing=0'.
>
>tom
>
More information about the fedora-selinux-list
mailing list