Re: Post-halloween doc updates.

From: Chris Wright
Date: Thu Oct 30 2003 - 12:28:31 EST

Next message: Alex Belits: "Re: Things that Longhorn seems to be doing right"
Previous message: Dan Bernard: "Re: kernel: i8253 counting too high! resetting.."
In reply to: Randy.Dunlap: "Re: Post-halloween doc updates."
Next in thread: Dave Jones: "Re: Post-halloween doc updates."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Randy.Dunlap (rddunlap@xxxxxxxx) wrote:
> | SELinux.
> | ~~~~~~~~
> | NSA Security-Enhanced Linux (SELinux) got merged in 2.6.
> | It is disabled by default and can be enabled with a boot time parameter
> | selinux=1.
> | You can obtain SELinux tools and an example policy configuration from
> | http://www.nsa.gov/selinux
>
> Somebody correct me here if needed...
> selinux can't just be enabled by using 'selinux=1', if the config
> options are set for checking that.
> The way that I read security/selinux/Kconfig and hooks.c,
> if SECURITY_SELINUX_BOOTPARAM is enabled, then the 'selinux'
> boot option is also enabled. However, it can be disabled by using
> 'selinux=0' as a kernel boot option.

This is correct. SELinux defaults to not being config'd in. If you
config it in it defaults to enabled. If you also config the bootparam
you can use that param to disable it, otherwise selinux=1 is redundant
as that's the default.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alex Belits: "Re: Things that Longhorn seems to be doing right"
Previous message: Dan Bernard: "Re: kernel: i8253 counting too high! resetting.."
In reply to: Randy.Dunlap: "Re: Post-halloween doc updates."
Next in thread: Dave Jones: "Re: Post-halloween doc updates."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]