[redhat-lspp] Behavior on load_policy failure
Eduardo Madeira Fleury
efleury at br.ibm.com
Thu Jul 20 21:30:14 UTC 2006
Hi all,

I'm currently testing what happens when Init detects a load_policy error. The results I have so far are:

== Booting in Enforcing Mode -> The system panics.
== Booting in Permissive Mode -> The system boots fine but with SELinux completely disabled, in such a way that it's not possible to simply setenforce to 1.
== Booting in Disabled Mode -> Boots fine with SELinux disabled, of course.

What I would like to point out, though, is that this way the system does not provide an automatic "Recover Mode" as specified in the Security Target section 19.1.2.3 Manual Recovery (FPT_RCV.1).

Currently the system admin is required to modify boot parameters manually to boot in Permissive or Disabled mode, repair the system and then boot it back in Enforcing mode, but simply booting in Permissive mode is a potential security risk as the system would still be in multiuser mode.

It's important to require that in case of a load_policy failure the system admin boot the system in Permissive mode **but also in single mode**.

Besides that, passing kernel arguments at boot time is not user friendly.

Anyway, I'd like to check if this behavior is the one expected.

Regards,
--
Eduardo M. Fleury
IBM Linux Technology Center Brazil
Mobile: +55-19-81224410
email/sametime: efleury at br.ibm.com
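
A check for the condition raised in the message above (SELinux overridden to Permissive or Disabled on the kernel command line while the system still comes up multiuser), as an added example that is not part of the original post or of any Red Hat tooling. The helper name `classify_boot` is hypothetical, the sample command lines are constructed, and it assumes the kernel's `selinux=`/`enforcing=` parameters and sysvinit-style single-user arguments; it does not read `/etc/selinux/config`.

```shell
#!/bin/sh
# Added example: classify a kernel command line by SELinux override and init target.
# Prints "<mode> <target> <verdict>" and exits 1 for a non-enforcing multiuser boot.
# Runs in a subshell so that 'set -f' (no globbing while splitting) stays local.
classify_boot() (
    set -f
    sel="" enf="" target=multiuser
    for arg in $1; do
        case "$arg" in
            selinux=[01])    sel=${arg#selinux=} ;;     # last occurrence wins
            enforcing=[01])  enf=${arg#enforcing=} ;;
            single|S|s|-s|1) target=single ;;           # sysvinit single-user requests
        esac
    done

    if   [ "$sel" = 0 ]; then mode=disabled
    elif [ "$enf" = 0 ]; then mode=permissive
    elif [ "$enf" = 1 ]; then mode=enforcing
    else mode=config      # no override given: the on-disk configuration decides
    fi

    case "$mode/$target" in
        permissive/multiuser|disabled/multiuser) verdict=RISK;     rc=1 ;;
        permissive/single|disabled/single)       verdict=recovery; rc=0 ;;
        *)                                       verdict=ok;       rc=0 ;;
    esac
    printf '%s %s %s\n' "$mode" "$target" "$verdict"
    exit "$rc"
)

# Constructed sample command lines (not taken from the post).
for sample in \
    "ro root=/dev/VolGroup00/LogVol00 enforcing=0" \
    "ro root=/dev/VolGroup00/LogVol00 enforcing=0 single" \
    "ro root=/dev/VolGroup00/LogVol00"
do
    classify_boot "$sample" || true
done
```

On a running system the same function can be fed the live command line with `classify_boot "$(cat /proc/cmdline)"`.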