First boot with 20040908 changes
Colin Walters
walters at redhat.com
Fri Sep 10 15:09:08 UTC 2004
On Fri, 2004-09-10 at 05:40 -0700, Steve G wrote:
> >I'm not sure what the default policy should be though - most people are
> >happy about not having to go to the commandline to get access to their
> >partitions and some people have more or less valid security concerns.
>
> OK, I've had some time to think this over. Traditionally, the default is on the
> open - all inclusive side of things unless there is the possibility of damage.
> e.g., tcp_wrapper defaults to open, iptable defaults to open. You must intervene
> to secure the system.
>
> As long as the drives are only detected and mount points made, it don't have a
> problem. If the drives are *mounted*, I have a real problem. By mounting the
> drive, you may suddenly cause a drive to get fsck'ed by a newer program that
> oopses older kernels,
Has this actually happened?
> or relabeled by SE Linux which will oops older kernels.
Yes; it's really a bug that the default relabeling procedure will try to
relabel mount points. I've submitted a patch to fix this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040910/8a3812f2/attachment.sig>
More information about the fedora-devel-list
mailing list