Has the boot param syntax/semantics changed?
Stephen Smalley
sds at epoch.ncsc.mil
Tue Jun 29 14:08:48 UTC 2004
On Tue, 2004-06-29 at 10:03, Bob Gustafson wrote:
> Hmm, that looks pretty useful.
>
> I wonder what it would have looked like with the wrong values in the
> /etc/selinux/config?

For the SELINUXTYPE=, there is no fixed set of legitimate values,
because anyone might install their own "foo" policy under /etc/selinux.
So with SELINUXTYPE=permissive, you would have just seen output like:

policypath="/etc/selinux/permissive"
default_type_path="/etc/selinux/permissive/contexts/default_type"
...

> And to what effect?

Since the "permissive" directory didn't exist, init wouldn't be able to
load a policy. If enforcing, then init should have died immediately
with an error. If permissive, it should have logged a warning and
proceeded in permissive with no policy loaded.

> I did not see any failures, but clearly I had the wrong values in my
> /etc/selinux/config file:

It likely wouldn't be captured in /var/log/messages, since this is
happening _before_ syslogd is started. But there should be a message on
the console (but I agree that I also do not see one, so this is a bug).

--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
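
The checks implied by the reply above, as an added example that is not part of the original message or of any SELinux tool: a shell function that reads /etc/selinux/config, confirms that the SELINUXTYPE= directory exists under /etc/selinux, and reports the boot outcome the reply describes for each mode. The function names and the optional ROOT prefix argument (used to point the check at a constructed test tree) are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check /etc/selinux/config before the next reboot.
# Usage: check_selinux_config [ROOT]   (ROOT is a hypothetical test prefix)
# Returns 0 = ok, 1 = bad SELINUX= value, 2 = policy dir missing, 3 = unreadable.

# conf_value KEY FILE: print the last uncommented KEY=value in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

check_selinux_config() {
    root="${1:-}"
    conf="$root/etc/selinux/config"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 3; }

    mode=$(conf_value SELINUX "$conf")
    type=$(conf_value SELINUXTYPE "$conf")

    # SELINUX= takes a mode; a policy name here is the swapped-values mistake.
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "SELINUX=$mode is not enforcing, permissive or disabled"
           return 1 ;;
    esac

    # SELINUXTYPE= has no fixed set of values: any policy directory installed
    # under /etc/selinux is legitimate, so the only check is that it exists.
    policypath="$root/etc/selinux/$type"
    if [ -n "$type" ] && [ -d "$policypath" ]; then
        echo "ok: SELINUX=$mode policypath=$policypath"
        return 0
    fi

    # Outcomes as described in the reply for a missing policy directory.
    case "$mode" in
        enforcing)
            echo "policypath=$policypath missing: init cannot load a policy and should die at boot" ;;
        permissive)
            echo "policypath=$policypath missing: init should warn and proceed with no policy loaded" ;;
        disabled)
            echo "policypath=$policypath missing: no policy is loaded while SELinux is disabled" ;;
    esac
    return 2
}
```

Because the boot-time message would appear before syslogd starts, running a check like this ahead of a reboot is more reliable than looking for the failure in /var/log/messages afterwards.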