who provides /etc/sysconfig/selinux?

Daniel J Walsh dwalsh at redhat.com
Thu Apr 8 11:27:08 UTC 2004


Bill Nottingham wrote:

>Richard Hally (rhally at mindspring.com) said: 
>  
>
>>The purpose of the file is to set one of the three values when the 
>>system boots but not change it on the fly while the system is up?
>>    
>>
>
>Mainly to set the value when the system boots, although it will
>change the enforcing level if you change it while it's operational.
>
>  
>
>>OK, so  the next question is where is that file read  and used ?  the 
>>init program?  sysinit?
>>    
>>
>
>By init, yes.
>
>  
>
>>I get the impression that it will be overridden 
>>by kernel parameters, how does that happen?
>>    
>>
>
>It's a priority mechanism - kernel parameters (selinux=0, or enforcing=(1|0))
>take precedence, then the values in /etc/sysconfig/selinux, then whatever
>the kernel default is.
>
>  
>
>>Last question, has consideration been given to changing the value in 
>>that file when someone changes the actual status of SELinux(enforcing or 
>>permissive) with setenforce.
>>    
>>
>
>Not really... setenforce is (IMO) used for temporary changes.
>
>  
>
/selinux/enforce value changes depending whether you are enforcing mode 
or not.  Of course you can report
this via getenforce.

>Bill
>
>
>  
>





More information about the fedora-test-list mailing list