udev slowness and selinux
Stephen Smalley
sds at tycho.nsa.gov
Mon Dec 5 15:47:49 UTC 2005
On Mon, 2005-12-05 at 09:55 -0500, Daniel J Walsh wrote:
> No because this would break your security. It might be arguable if it
> should bring it to single user mode though.
Disagree. You already have the options of booting with init=/bin/bash
or booting with enforcing=0 single _if_ the machine is configured to
allow setting of boot parameters (which might require a password).
Automatically switching to single-user mode would mean that someone
could always reach single-user mode by inducing a failure that corrupts
the policy (hopefully not possible in the first place, but...).
I do agree that the message should be more informative though, and that
it should be flushed to the console...
--
Stephen Smalley
National Security Agency
More information about the fedora-devel-list
mailing list