udev slowness and selinux

Steve G linux_4ever at yahoo.com
Mon Dec 5 14:51:45 UTC 2005


>>But the proper behavior if policy cannot be loaded and the system is in
>>enforcing mode is to halt.

>From RBAC-987:

FPT_RCV.1.1 After a failure or service discontinuity, the TSF shall enter a
maintenance mode where the ability to return the TOE to a secure state is
provided

The phrasing "shall enter" seems to imply automatically to me.

>Wouldnt it be better to continue booting by automatically setting 
>SELinux into permissive or disabled state while throwing out warnings at
>bootup and in the logs?

That might be OK if someone could select that failure policy, but that is not
what we want in a secure environment.

-Steve


		
__________________________________ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs




More information about the fedora-devel-list mailing list