udev slowness and selinux
Steve G
linux_4ever at yahoo.com
Mon Dec 5 14:51:45 UTC 2005
>>But the proper behavior if policy cannot be loaded and the system is in
>>enforcing mode is to halt.
>From RBAC-987:
FPT_RCV.1.1 After a failure or service discontinuity, the TSF shall enter a
maintenance mode where the ability to return the TOE to a secure state is
provided
The phrasing "shall enter" seems to imply automatically to me.
>Wouldnt it be better to continue booting by automatically setting
>SELinux into permissive or disabled state while throwing out warnings at
>bootup and in the logs?
That might be OK if someone could select that failure policy, but that is not
what we want in a secure environment.
-Steve
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
More information about the fedora-devel-list
mailing list