up2date, Large Medium and small updates....
Richard Hally
rhally at mindspring.com
Wed Mar 10 08:27:52 UTC 2004
Fwiw, in grub I set up duplicate sections for a permissive kernel and an
enforcing kernel using ENFORCING on the title line and enforcing=1 on the
kernel line.
Richard Hally
<Snip>
> Also I have taken to adding an alternate boot section in
> /boot/grub/grub.conf. Is this useful, useless, sane, silly,
> underkill, overkill. Thus...:
Grub is really good for allowing you to edit the kernel command line before
booting it. So if you have problems you can always tell it to boot the
kernel with selinux=0 appended even if that is not in your grub.conf.
If you accidentally boot a non-SE kernel then /etc/mtab and a few other
files
will get the wrong label, which will be really annoying for you. We are
working on these issues, but in the mean-time you probably don't want to
make
it too easy to accidentally boot a non-SE kernel.
More information about the fedora-selinux-list
mailing list