[Pkg-sysvinit-devel] Bug#339862: what's the alternative?

Russell Coker russell at coker.com.au
Mon Aug 4 04:53:20 UTC 2008


The reason for putting SE Linux in permissive mode is that if the filesystem 
is corrupted then the wrong labels may be on files and that may prevent 
recovery operations.

The alternative to automatically doing it is for the sys-admin to do so 
manually if the need arises.

I find it difficult to imagine a situation where the sysadmin would not 
realise the need to do this (the AVC messages will go to the console if SE 
Linux prevents an operation).  I also find it difficult to imagine a 
situation where SE Linux would permit the machine to run the init scripts but 
not permit the sysadmin to put it in permissive mode after getting a single 
user shell.

I think that this is more a convenience issue than anything else.





More information about the Pkg-sysvinit-devel mailing list