udev slowness and selinux
Stephen Smalley
sds at tycho.nsa.gov
Mon Dec 5 14:45:23 UTC 2005
On Mon, 2005-12-05 at 05:49 -0800, Steve G wrote:
> > Hence, I would have expected init to log the "Enforcing mode
> > requested but no policy loaded. Halting now." message (from
> > sysvinit-selinux.patch) and then exit normally.
>
> I think for lspp we want it to go to a console prompt where the admin can
> investigate the problem and make repairs.
The admin already has options there:
- boot with init=bash to bypass init altogether, or
- boot with enforcing=0 single to prevent init from halting if it cannot
load policy and only come up single-user.
But the proper behavior if policy cannot be loaded and the system is in
enforcing mode is to halt.
--
Stephen Smalley
National Security Agency
More information about the fedora-devel-list
mailing list