Re: [PATCH] [LSM] Rework LSM hooks

From: Chris Wright
Date: Tue Aug 10 2004 - 15:24:04 EST

Next message: James Morris: "Re: [PATCH] [LSM] Rework LSM hooks"
Previous message: Chris Wright: "Re: [PATCH] [LSM] Rework LSM hooks"
In reply to: James Morris: "Re: [PATCH] [LSM] Rework LSM hooks"
Next in thread: James Morris: "Re: [PATCH] [LSM] Rework LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* James Morris (jmorris@xxxxxxxxxx) wrote:
> On Tue, 10 Aug 2004, Kurt Garloff wrote:
> > The first patch patch does just change the selinux default; so you
> > need to enable with selinux=1.
>
> This issue has been through a couple of iterations and the current scheme
> where if you have SELinux enabled, it is on by default, is aimed at being
> more secure by default. On some platforms, boot parameters are not
> feasible. To allow SELinux to be disable for these, the /selinux/disable
> node was implemented, which allows SELinux to be unregistered during boot.
> I suggest you investigate using this; look at what Fedora does.

Could make selinux_enabled value configurable. I don't really like the
extra configuration, but if it's more vendor neutral to have config
not only control if you can have bootparam, but also default value,
then perhaps it'd be useful.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "Re: [PATCH] [LSM] Rework LSM hooks"
Previous message: Chris Wright: "Re: [PATCH] [LSM] Rework LSM hooks"
In reply to: James Morris: "Re: [PATCH] [LSM] Rework LSM hooks"
Next in thread: James Morris: "Re: [PATCH] [LSM] Rework LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]