On Wed, Mar 10, 2004 at 03:27:52AM -0500, Richard Hally wrote:
Fwiw, in grub I set up duplicate sections for a permissive kernel and
enforcing kernel using ENFORCING on the title line and enforcing=1 on the
> Also I have taken to adding an alternate boot section in
> /boot/grub/grub.conf. Is this useful, useless, sane, silly,
> underkill, overkill. Thus...:
Grub is really good for allowing you to edit the kernel command line before
booting it. So if you have problems you can always tell it to boot the
kernel with selinux=0 appended even if that is not in your grub.conf.
If you accidentally boot a non-SE kernel then /etc/mtab and a few other
files will get the wrong label, which will be really annoying for you. We are
working on these issues, but in the mean-time you probably don't want to
make it too easy to accidentally boot a non-SE kernel.
Good to know....
I like the enforcing difference... I will move that way.
Setting enforcing to true is the next thing on my list.
Thank to all.
T o m M i t c h e l l
/dev/null the ultimate in secure storage.