up2date, Large Medium and small updates....
Tom Mitchell
mitch48 at yahoo.com
Wed Mar 10 09:18:08 UTC 2004
On Wed, Mar 10, 2004 at 03:27:52AM -0500, Richard Hally wrote:
> Fwiw, in grub I set up duplicate sections for a permissive kernel and an
> enforcing kernel using ENFORCING on the title line and enforcing=1 on the
> kernel line.
>
> Richard Hally
>
> <Snip>
> > Also I have taken to adding an alternate boot section in
> > /boot/grub/grub.conf. Is this useful, useless, sane, silly,
> > underkill, overkill. Thus...:
>
> Grub is really good for allowing you to edit the kernel command line before
> booting it. So if you have problems you can always tell it to boot the
> kernel with selinux=0 appended even if that is not in your grub.conf.
>
> If you accidentally boot a non-SE kernel then /etc/mtab and a few other
> files will get the wrong label, which will be really annoying for you. We are
> working on these issues, but in the mean-time you probably don't want to
> make it too easy to accidentally boot a non-SE kernel.
Good to know....
I like the enforcing difference... I will move that way.
Setting enforcing to true is the next thing on my list.
Thank to all.
Later,
tom
--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
More information about the fedora-selinux-list
mailing list