Hi Currently I'm thinking about disable SECURITY_SELINUX_DEVELOP by default to enhance security, So hacker can not easily turn off selinux by modify the global variable "selinux_enforing".
Question: If SECURITY_SELINUX_DEVELOP is disabled, the kernel will run in enforcing mode from start, but there is no policy before init process load sepolicy into kernel. In this no policy but enforcing stage, what will kernel behave? Will there be avc denied before loading sepolicy? Respectfully.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.