udev slowness and selinux
Daniel J Walsh
dwalsh at redhat.com
Mon Dec 5 14:55:49 UTC 2005
Rahul Sundaram wrote:
> Stephen Smalley wrote:
>
>> On Mon, 2005-12-05 at 05:49 -0800, Steve G wrote:
>>
>>
>>>> Hence, I would have expected init to log the "Enforcing mode
>>>> requested but no policy loaded. Halting now." message (from
>>>> sysvinit-selinux.patch) and then exit normally.
>>>>
>>> I think for lspp we want it to go to a console prompt where the
>>> admin can
>>> investigate the problem and make repairs.
>>>
>>
>> The admin already has options there:
>> - boot with init=bash to bypass init altogether, or
>> - boot with enforcing=0 single to prevent init from halting if it cannot
>> load policy and only come up single-user.
>>
>> But the proper behavior if policy cannot be loaded and the system is in
>> enforcing mode is to halt.
>>
>>
> Wouldnt it be better to continue booting by automatically setting
> SELinux into permissive or disabled state while throwing out warnings
> at bootup and in the logs?.
>
> regards
> Rahul
>
No because this would break your security. It might be arguable if it
should bring it to single user mode though.
--
More information about the fedora-devel-list
mailing list