MLS levels and the initial SID for kernel_t
Daniel J Walsh
dwalsh at redhat.com
Wed Aug 3 13:19:35 UTC 2005
Paul Moore wrote:
> Dan's latest MLS policy RPM (as well as some past versions) has a
> patch in it, mlspol.patch, which contains the following change for
> initial_sid_contexts:
>
> -sid kernel system_u:system_r:kernel_t:s0 - s9:c0.c127
> +sid kernel system_u:system_r:kernel_t:s9:c0.c127
>
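Review bot: The "+sid kernel" line replaces the range "s0 - s9:c0.c127" with the single level "s9:c0.c127", dropping the s0 low end, and nothing in the change records why. The message quoted here reports that init then starts at s9 and the boot can die at fsck, so either restore the range "s0 - s9:c0.c127" or document the reason for pinning kernel_t at s9 alongside this line in mlspol.patch.
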
> From what I can tell this causes some problems, the biggest of which
> being that init starts at s9 which can cause the system to die on boot
> when trying to fsck the filesystems. I'm not entirely sure why this
> change was made as I would think we would want the kernel to run at
> s0-s9 or at the very least s0. Can someone clue me in as to why we
> want to run the kernel at s9 or, Dan, can you change it back to s0 - s9?
>
> Thanks,
>
I will go with either way. I don't recall why the change was made.