Joshua Brindle (jbrindle(a)tresys.com) said:
> Yes, but that tends to imply some fairly severe gun -> foot
> interactions on the part of the admin.
The admin need not know what is going on, how many things happen on
average linux systems without an average admins knowledge?
Well, I'd hope that remounting the root FS read-write wouldn't
be one of those. Arguably, you could even set up the policy to disallow
this.
I retract the above statement. Even when making non-persistent
boolean
changes (which I can see happening on these systems) the lock is
attempted. Its still unclear whether setsebool should fallback or if
libsemanage should. I don't like the idea of lockless readers, even if
the filesystem is RO when we start reading.
Hm, I didn't consider booleans. How (at an implementation level)
is setting of booleans done? (I've haven't looked at the backend guts
of the SELinux code that much.)
Bill