First boot with 20040908 changes

Colin Walters walters at redhat.com
Fri Sep 10 15:09:08 UTC 2004


On Fri, 2004-09-10 at 05:40 -0700, Steve G wrote:
> >I'm not sure what the default policy should be though - most people are 
> >happy about not having to go to the commandline to get access to their 
> >partitions and some people have more or less valid security concerns. 
> 
> OK, I've had some time to think this over. Traditionally, the default is on the
> open - all inclusive side of things unless there is the possibility of damage.
> e.g., tcp_wrapper defaults to open, iptable defaults to open. You must intervene
> to secure the system.
> 
> As long as the drives are only detected and mount points made, it don't have a
> problem. If the drives are *mounted*, I have a real problem. By mounting the
> drive, you may suddenly cause a drive to get fsck'ed by a newer program that
> oopses older kernels,

Has this actually happened?

>  or relabeled by SE Linux which will oops older kernels. 

Yes; it's really a bug that the default relabeling procedure will try to
relabel mount points.  I've submitted a patch to fix this.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040910/8a3812f2/attachment.sig>


More information about the fedora-devel-list mailing list