Drawing lessons from fatal SELinux bug #1054350

Reindl Harald h.reindl at thelounge.net
Fri Jan 24 19:27:02 UTC 2014

Am 24.01.2014 20:22, schrieb Daniel J Walsh:
> On 01/24/2014 01:35 PM, Reindl Harald wrote:
>> Am 24.01.2014 19:31, schrieb Reindl Harald:
>>> Am 24.01.2014 19:18, schrieb drago01:
>>>> On Fri, Jan 24, 2014 at 7:12 PM, Fabian Deutsch <fabian.deutsch at gmx.de>
>>>> wrote:
>>>>> Am Freitag, den 24.01.2014, 00:55 +0100 schrieb Kevin Kofler:
>>>>>> it is time to analyze the fallout from the following catastrophic 
>>>>>> Fedora 20 regression: 
>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1054350 "rpm scriptlets
>>>>>> are exiting with status 127"
>>>>> Hey,
>>>>> can't we add a default boot entry which starts the system in
>>>>> permissive mode?
>>>> How would that help? If a user knows enough about the issue to try it 
>>>> he/she could just switch to permissive mode
>>> in *that* case
>>> in a case where a broken selinux update leads in not boot at all i can
>>> not imagine what i would to besides boot with a CD/DVD/USB
>> to be clear - *i can* edit the boot-params and put selinux=0 there
>> the average user can't but he may remember "uhm something with selinux was
>> one of the last updates" and try the however named option, keep in mind
>> some people own only one machine and can't google for help
> enforcing=0 in the kernel command line will boot the machine in permissive mode

please re-read what you have quoted and don't skip "average user" this time

the question was "can't we add a default boot entry which starts the system in
permissive mode?" and the first reply "If a user knows enough about the issue"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140124/2bced215/attachment.sig>

More information about the devel mailing list