MLS levels and the initial SID for kernel_t
Paul Moore
paul.moore at hp.com
Tue Aug 2 19:54:50 UTC 2005
Dan's latest MLS policy RPM (as well as some past versions) has a patch
in it, mlspol.patch, which contains the following change for
initial_sid_contexts:
-sid kernel system_u:system_r:kernel_t:s0 - s9:c0.c127
+sid kernel system_u:system_r:kernel_t:s9:c0.c127
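Review bot: the `+` line drops the `s0 -` low end of the kernel initial SID, so the context goes from the range `s0 - s9:c0.c127` to the single level `s9:c0.c127`, and nothing in the hunk explains why. The surrounding message reports that init then starts at s9 and the system can die at boot during fsck, so either keep the original `s0 - s9:c0.c127` range or add a comment in mlspol.patch explaining why the kernel needs a single high level and how boot-time tasks are expected to run at that level.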
From what I can tell this causes some problems, the biggest of which
is that init starts at s9, which can cause the system to die on boot
when trying to fsck the filesystems. I'm not entirely sure why this
change was made, as I would think we would want the kernel to run at
s0-s9 or at the very least s0. Can someone clue me in as to why we want
to run the kernel at s9 or, Dan, can you change it back to s0 - s9?
Thanks,
--
. paul moore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. paul.moore at hp.com hewlett packard
. (603) 884-5056 linux security