Le Mon, 05 May 2014 20:44:44 +0300, Victor Porton <[email protected]> a écrit :
> "No, files in /etc/selinux are configuration files, which must not be > deleted at "apt-get remove". You have to use "apt-get purge" for that. > See the debian policy or the manpages for apt." > > Unchanged configuration files should be removed. I have not changed > any of these files so they should be removed. Non-removal is a bug. This is valid when the the config file is removed from the package, not when removing the package itself, that's precisely the difference between remove and purge. > > "Well, I guess you still booted with kernel command line > security=selinux and selinux=1, probably in enforcing mode. Which > doesn't work because then you need a working selinux policy > installed." > > Is it a kernel bug? > > I think it should use an empty policy if there are no policy > installed. > > The system should not cease to work only because there are no > currently installed policy. It is a bug (of Debian or of kernel, I > don't know). > > I don't propose to disable selinux when uninstalling > selinux-policy-default but to work with an empty policy. As SELinux is denying everything by default, an "empty policy" is blocking everything, I don't think this is a bug but a design feature. Cheers, Laurent Bigonville _______________________________________________ SELinux-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
