[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH] Allow selinux=? and enforcing=? kernel flags to be controlled



On 12/08/09 16:48, Richard W.M. Jones wrote:
On Wed, Aug 12, 2009 at 04:32:48PM +0100, Matthew Booth wrote:
On 12/08/09 16:22, Richard W.M. Jones wrote:
This is a pretty uncontroversial patch which just allows the
selinux=? and enforcing=? flags on the kernel command line
to be controlled.

Currently libguestfs unconditionally passes selinux=0.  By default
this patch does the same thing, but allows programs to enable SELinux
in the kernel and/or set it to enforcing mode.
Patch looks ok except that we shouldn't include the enforcing flag. I
can't conceive of any reason we'd want SELinux in enforcing mode in the
appliance. If selinux=1, then assume enforcing=0.

Does it do any harm (now that I've written the code anyway)?

It adds another command line option to be maintained and documented.

Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]