On Tue, 2004-06-29 at 10:03, Bob Gustafson wrote:
Hmm, that looks pretty useful.
I wonder what it would have looked like with the wrong values in the
For the SELINUXTYPE=, there is no fixed set of legitimate values,
because anyone might install their own "foo" policy under /etc/selinux.
So with SELINUXTYPE=permissive, you would have just seen output like:
And to what effect?
Since the "permissive" directory didn't exist, init wouldn't be able to
load a policy. If enforcing, then init should have died immediately
with an error. If permissive, it should have logged a warning and
proceeded in permissive with no policy loaded.
I did not see any failures, but clearly I had the wrong values in my
It likely wouldn't be captured in /var/log/messages, since this is
happening _before_ syslogd is started. But there should be a message on
the console (but I agree that I also do not see one, so this is a bug).
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency