[Pkg-sysvinit-devel] Bug#339862: what's the alternative?
Russell Coker
russell at coker.com.au
Mon Aug 4 04:53:20 UTC 2008
The reason for putting SE Linux in permissive mode is that if the filesystem
is corrupted then the wrong labels may be on files and that may prevent
recovery operations.
The alternative to automatically doing it is for the sys-admin to do so
manually if the need arises.
I find it difficult to imagine a situation where the sysadmin would not
realise the need to do this (the AVC messages will go to the console if SE
Linux prevents an operation). I also find it difficult to imagine a
situation where SE Linux would permit the machine to run the init scripts but
not permit the sysadmin to put it in permissive mode after getting a single
user shell.
I think that this is more a convenience issue than anything else.
More information about the Pkg-sysvinit-devel
mailing list