ben at decadent.org.uk
Sun Apr 2 13:46:59 UTC 2017
On Sun, 2017-04-02 at 14:35 +0200, Laurent Bigonville wrote:
> On 02/04/17 at 03:25, cgzones wrote:
> > Is there any reason why the standard Debian kernel sets the value for
> > checkreqprot to 1, while the default is 0?
The default is 1. The commit changing the default to 0 went into
4.11-rc4, i.e. it is not even in an upstream stable release yet.
> > RedHat seems also to use 0 and from the documentation 0 seems to be
> > the stricter setting.
> To be honest I've no idea and the RH bug seems to miss some messages and
> refers to other private bug(s) but I can confirm that on centos 7.3 the
> value is set to 0.
> The kernel configuration is done by the kernel team, I'm forwarding your
> question to them on their ML. Maybe they didn't see the default value
> has changed?
> Dear kernel maintainer, do you have an idea about this?
It's been that way in Debian since at least 2005. So anyone who has a
working SELinux policy for Debian must have taken this behaviour into
Maybe we'll go with the new default for buster.
It is impossible to make anything foolproof because fools are so
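To see which checkreqprot value a given system ends up with, the following added example (not part of the original thread) compares the built-in kernel default, a boot-time override and the live selinuxfs value. It assumes the kernel config option CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE, the checkreqprot= boot parameter and the file /sys/fs/selinux/checkreqprot as found in kernels of the period discussed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report where a system's SELinux checkreqprot value comes from.
# 1 = check the protection the application requested,
# 0 = check the protection the kernel will actually apply (the stricter setting).

# Print the built-in default from a kernel config file (plain text or .gz).
checkreqprot_built_in() {
    cfg=$1
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    $reader "$cfg" 2>/dev/null |
        sed -n 's/^CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=\([01]\)$/\1/p' |
        tail -n 1
}

# Print the checkreqprot= override found in a kernel command line, if any.
# The last occurrence wins; malformed values are ignored.
checkreqprot_cmdline() {
    for arg in $1; do
        case $arg in
            checkreqprot=[01]) echo "${arg#checkreqprot=}" ;;
        esac
    done | tail -n 1
}

# Effective value: the live selinuxfs file if readable, otherwise the boot
# override, otherwise the built-in default, otherwise "unknown".
checkreqprot_effective() {
    cfg=$1 cmdline=$2 live_file=$3
    if [ -r "$live_file" ]; then
        v=$(cat "$live_file")
    else
        v=$(checkreqprot_cmdline "$cmdline")
        [ -n "$v" ] || v=$(checkreqprot_built_in "$cfg")
    fi
    echo "${v:-unknown}"
}

# Report for the running system (paths are the usual Debian locations).
cfg_file="/boot/config-$(uname -r)"
boot_args=$(cat /proc/cmdline 2>/dev/null || true)
echo "built-in default : $(checkreqprot_built_in "$cfg_file")"
echo "boot override    : $(checkreqprot_cmdline "$boot_args")"
echo "effective value  : $(checkreqprot_effective "$cfg_file" "$boot_args" /sys/fs/selinux/checkreqprot)"
```

An empty "built-in default" or "boot override" line means the config file was not found or no override was given.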