MLS levels and the initial SID for kernel_t

Daniel J Walsh dwalsh at redhat.com
Wed Aug 3 13:19:35 UTC 2005


Paul Moore wrote:

> Dan's latest MLS policy RPM (as well as some past versions) has a 
> patch in it, mlspol.patch, which contains the following change for 
> initial_sid_contexts:
>
>  -sid kernel        system_u:system_r:kernel_t:s0 - s9:c0.c127
>  +sid kernel        system_u:system_r:kernel_t:s9:c0.c127
>
> From what I can tell this causes some problems, the biggest of which 
> being that init starts at s9 which can cause the system to die on boot 
> when trying to fsck the filesystems.  I'm not entirely sure why this 
> change was made as I would think we would want the kernel to run at 
> s0-s9 or at the very least s0.  Can someone clue me in as to why we 
> want to run the kernel at s9 or, Dan, can you change it back to s0 - s9?
>
> Thanks,
>
I will go with either way.  I don't recall why the change was made.

-- 





More information about the fedora-selinux-list mailing list