Humpty Dumpty - some successes

Bob Gustafson bobgus at rcn.com
Wed May 5 15:58:49 UTC 2004


Richard Hally wrote:
>Bob Gustafson wrote:
snip
>
>> Maybe the grub kernel line overrides whatever is in this file? Perhaps the
>> information in this file controls the boot situation when there is no
>> additional boot grub parameter?
>>
>
>Yes, the kernel line overrides the /etc/sysconfig/selinux. Correct on
>the second part also.

Booting with 'selinux=1 enforcing=1' seems to be the most straightforward
at the moment - since it overrides everything else.

[too bad there is a spelling difference between the
 boot parameter 'enforcing=1' and the
 disk filename '/selinux/enforce'.

 Also too bad about the difference between the binary nature of the
 boot parameter 'selinux=1' and the trinary nature of the
 disk file contents of '/etc/sysconfig/selinux'

 A possible point of confusion for newbie testers.
]

-----

Actual life experience:

I rebuilt the 349 kernel with a slightly different .config (with 1394 and
telephony) and added the 'selinux=1 enforcing=1' to the grub line. Then
boot.

During the boot sequence, there are still a number of audit messages - the
last involving udev with a pid of 2622.

This was the last message. I thought I could hear the disk moving around -
maybe more audit messages were being rejected by the caching, etc.

Went down to have a coffee. When I came back, the screen was the same. Was
it reasonable (??) to think that my string of successes with enforcing=1
SELinux had come to an end? There it was on the screen - a screen full of
audit denied messages - and nothing further.

In the process of fumbling for the power switch, I touched the keyboard
(return probably).

Lo & Behold - the login: prompt appeared. The system had not (yet) reached
its final denied!

[Perhaps this was the situation in my earlier experience where I got to the
power switch first]

BobG
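
The precedence discussed in this thread (kernel line first, `/etc/sysconfig/selinux` only when no boot parameter is given) can be checked with a small script. This is an added example, not part of the original message; the function names and the sample config are constructed for illustration, and the resolution rules are the ones stated in the thread.

```shell
#!/bin/sh
# Added example. Precedence follows the thread: kernel line first, file second.

# Print the last value given for KEY= on a kernel command line string.
cmdline_value() {  # usage: cmdline_value KEY "CMDLINE"
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | tail -n 1
}

# Print the SELINUX= value from a config file (comment lines are skipped).
config_value() {  # usage: config_value FILE
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Print "<mode> <source>" for a command line string and a config file path.
effective_mode() {
    sel=$(cmdline_value selinux "$1")
    enf=$(cmdline_value enforcing "$1")
    cfg=$(config_value "$2")
    if [ "$sel" = 0 ]; then
        echo "disabled cmdline"
    elif [ "$enf" = 1 ]; then
        echo "enforcing cmdline"
    elif [ "$enf" = 0 ]; then
        echo "permissive cmdline"
    elif [ "$sel" = 1 ] && [ "$cfg" = disabled ]; then
        # selinux=1 is binary: it says "on" but not which of the two modes.
        echo "enabled cmdline"
    else
        case $cfg in
            enforcing|permissive|disabled) echo "$cfg file" ;;
            *) echo "unknown none" ;;
        esac
    fi
}

# Constructed sample input (not taken from the thread).
sample_cfg=$(mktemp)
printf '# SELINUX= can take one of three values\nSELINUX=permissive\nSELINUXTYPE=targeted\n' > "$sample_cfg"
effective_mode "ro root=LABEL=/ selinux=1 enforcing=1" "$sample_cfg"
effective_mode "ro root=LABEL=/" "$sample_cfg"
# On a live system: effective_mode "$(cat /proc/cmdline)" /etc/sysconfig/selinux
```

The second word of each result names where the mode came from, so a boot-line override of the file is visible at a glance.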


