Hi all, I'm currently testing what happens when Init detects a load_policy error. The results I have so far are:
== Booting in Enforcing Mode -> The system panics. == Booting in Permissive Mode -> The system boots fine but with SELinux completely disabled in such a way it's not possible to simply setenforce to 1 == Booting in Disabled Mode -> Boots fine with SELinux disabled of course. What I would like to point though is that this way the system does not provide an automatic "Recover Mode" as specified in the Security Target section 19.1.2.3 Manual Recovery (FPT_RCV.1). Currently the system admin is required to modify boot parameters manually to boot in Permissive or Disabled mode, repair the system and then boot it back in Enforcing mode, but simply booting in Permissive mode is a potential security risk as the system would still be in multiuser mode. It's important to require that in case of a load_policy failure the system admin boot the system in Permissive mode **but also in single mode**. Besides that, passing kernel arguments in boot time is not user friendly. Anyway, I'd like to check if this behavior is the one expected. Regards, -- Eduardo M. Fleury IBM Linux Technology Center Brazil Mobile: +55-19-81224410 email/sametime: [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
