udev slowness and selinux

Rahul Sundaram sundaram at redhat.com
Mon Dec 5 14:43:08 UTC 2005


Stephen Smalley wrote:

>On Mon, 2005-12-05 at 05:49 -0800, Steve G wrote:
>  
>
>>>Hence, I would have expected init to log the "Enforcing mode
>>>requested but no policy loaded. Halting now." message (from
>>>sysvinit-selinux.patch) and then exit normally.
>>>      
>>>
>>I think for lspp we want it to go to a console prompt where the admin can
>>investigate the problem and make repairs.
>>    
>>
>
>The admin already has options there:
>- boot with init=bash to bypass init altogether, or
>- boot with enforcing=0 single to prevent init from halting if it cannot
>load policy and only come up single-user.
>
>But the proper behavior if policy cannot be loaded and the system is in
>enforcing mode is to halt.
>  
>
Wouldnt it be better to continue booting by automatically setting 
SELinux into permissive or disabled state while throwing out warnings at 
bootup and in the logs?.

regards
Rahul




More information about the fedora-devel-list mailing list