[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: udev slowness and selinux



>>But the proper behavior if policy cannot be loaded and the system is in
>>enforcing mode is to halt.

>From RBAC-987:

FPT_RCV.1.1 After a failure or service discontinuity, the TSF shall enter a
maintenance mode where the ability to return the TOE to a secure state is
provided

The phrasing "shall enter" seems to imply automatically to me.

>Wouldnt it be better to continue booting by automatically setting 
>SELinux into permissive or disabled state while throwing out warnings at
>bootup and in the logs?

That might be OK if someone could select that failure policy, but that is not
what we want in a secure environment.

-Steve


		
__________________________________ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]