MLS levels and the initial SID for kernel_t
Paul Moore
paul.moore at hp.com
Wed Aug 3 13:42:33 UTC 2005
Daniel J Walsh wrote:
> Paul Moore wrote:
>
>> Dan's latest MLS policy RPM (as well as some past versions) has a
>> patch in it, mlspol.patch, which contains the following change for
>> initial_sid_contexts:
>>
>> -sid kernel system_u:system_r:kernel_t:s0 - s9:c0.c127
>> +sid kernel system_u:system_r:kernel_t:s9:c0.c127
>>
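Review bot: the `+` line drops the low level from the kernel initial SID, turning the range `s0 - s9:c0.c127` into the single level `s9:c0.c127`, and nothing in the hunk records why. With a single level, the low and high levels are both `s9:c0.c127`, so anything that inherits this context starts at s9 instead of s0. Either keep the `s0 - s9:c0.c127` range or add a comment to the patch stating the reason for the change.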
>> From what I can tell this causes some problems, the biggest of which
>> being that init starts at s9 which can cause the system to die on boot
>> when trying to fsck the filesystems. I'm not entirely sure why this
>> change was made as I would think we would want the kernel to run at
>> s0-s9 or at the very least s0. Can someone clue me in as to why we
>> want to run the kernel at s9 or, Dan, can you change it back to s0 - s9?
>>
>> Thanks,
>>
> I will go with either way. I don't recall why the change was made.
>
If given a choice I would say s0 - s9 makes the most sense.
--
. paul moore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. paul.moore at hp.com hewlett packard
. (603) 884-5056 linux security