Richare Hally wrote:
Bob Gustafson wrote:
snip
> Maybe the grub kernel line overrides whatever is in this file? Perhaps the
> information in this file controls the boot situation when there is no
> additional boot grub parameter?
>
Yes, the kernel line overrides the /etc/sysconfig/selinux. Correct on
the second part also.
Booting with 'selinux=1 enforcing=1' seems to be the most straightforward
at the moment - since it overrides everything else.
[Too bad there is a spelling difference between the boot parameter
'enforcing=1' and the disk filename '/selinux/enforce'.
Also too bad about the difference between the binary nature of the
boot parameter 'selinux=1' and the trinary nature of the disk file
contents of '/etc/sysconfig/selinux'.
A possible point of confusion for newbie testers.]
-----
Actual life experience:
I rebuilt the 349 kernel with a slightly different .config (with 1394 and
telephony) and added the 'selinux=1 enforcing=1' to the grub line. Then
boot.
During the boot sequence, there are still a number of audit messages - the
last involving udev with a pid of 2622.
This was the last message. I thought I could hear the disk moving around -
maybe more audit messages were being rejected by the caching, etc.
Went down to have a coffee. When I came back, the screen was the same. Was
it reasonable (??) to think that my string of successes with enforcing=1
SELinux had come to an end? There it was on the screen - a screen full of
audit denied messages - and nothing further.
In the process of fumbling for the power switch, I touched the keyboard
(return probably).
Lo & Behold - the login: prompt appeared. The system had not (yet) reached
its final denied!
[Perhaps this was the situation in my earlier experience where I got to the
power switch first]
BobG