[DSE-Dev] Bug#747106: Bug#747106: I disagree with closing
Laurent Bigonville
bigon at debian.org
Mon May 5 17:58:15 UTC 2014
On Mon, 05 May 2014 20:44:44 +0300,
Victor Porton <porton at narod.ru> wrote:
> "No, files in /etc/selinux are configuration files, which must not be
> deleted at "apt-get remove". You have to use "apt-get purge" for that.
> See the debian policy or the manpages for apt."
>
> Unchanged configuration files should be removed. I have not changed
> any of these files so they should be removed. Non-removal is a bug.
This is valid when the config file is removed from the package, not
when removing the package itself; that's precisely the difference
between remove and purge.
>
> "Well, I guess you still booted with kernel command line
> security=selinux and selinux=1, probably in enforcing mode. Which
> doesn't work because then you need a working selinux policy
> installed."
>
> Is it a kernel bug?
>
> I think it should use an empty policy if there is no policy
> installed.
>
> The system should not cease to work only because there is no
> currently installed policy. It is a bug (of Debian or of kernel, I
> don't know).
>
> I don't propose to disable selinux when uninstalling
> selinux-policy-default but to work with an empty policy.
As SELinux is denying everything by default, an "empty policy" is
blocking everything, I don't think this is a bug but a design feature.
Cheers,
Laurent Bigonville
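
The failure discussed in this thread (booting with selinux=1 while no policy is installed) can be checked for before rebooting. The script below is an added example, not part of the original message or of Debian's packaging. It assumes that the policy type is read from SELINUXTYPE in /etc/selinux/config, that a compiled policy sits at <root>/<type>/policy/policy.*, and that the last selinux= parameter on the command line wins; the function names are hypothetical.

```shell
# Added example: warn when SELinux is requested at boot but no policy is installed.

# selinux_requested "<cmdline>": 0 if the last selinux= parameter is 1.
# Assumption: SELinux stays off unless selinux=1 is passed, as in the thread.
selinux_requested() {
    requested=1
    set -f                      # no globbing while splitting the command line
    for arg in $1; do
        case "$arg" in
            selinux=1) requested=0 ;;
            selinux=0) requested=1 ;;
        esac
    done
    set +f
    return "$requested"
}

# policy_type <root>: print SELINUXTYPE from <root>/config (empty if unset).
policy_type() {
    [ -r "$1/config" ] || return 0
    sed -n 's/^SELINUXTYPE=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' "$1/config" | tail -n 1
}

# policy_present <root>: 0 if a file matching <root>/<type>/policy/policy.* exists.
policy_present() {
    ptype=$(policy_type "$1")
    [ -n "$ptype" ] || return 1
    for f in "$1/$ptype"/policy/policy.*; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# check_boot "<cmdline>" <root>: 0 = consistent, 2 = SELinux requested, no policy.
check_boot() {
    selinux_requested "$1" || { echo "ok: SELinux not requested at boot"; return 0; }
    policy_present "$2" && { echo "ok: SELinux requested, policy installed"; return 0; }
    echo "warning: selinux=1 is set but no policy was found under $2" >&2
    return 2
}

# Live check against this machine: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_boot "$(cat /proc/cmdline)" /etc/selinux
fi
```

A return code of 2 means the kernel command line should be changed or a policy package reinstalled before the next reboot.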