On 29.01.2013 19:28, Daniel J Walsh wrote:
> On 01/29/2013 11:20 AM, John Reiser wrote:
>>>>> A generic fallback image should be installed by anaconda on
>>>>> installation/update and never ever be removed.
> 
>>> Also, fallback has interesting security properties…
> 
> 
>> "Rescue mode" forces a SELinux relabel at the next boot, and relabel can
>> take a very long time.
> 
>> How does "fallback mode" handle this, particularly if there have been 
>> updates to SELinux policy after the fallback was created?
> 
> The reason for this is we do not know what files were created on the system
> while SELinux was disabled (Policy Not Loaded).  If you know you did not
> create files on the system you could remove the /.autorelabel file and boot
> without a relabel.
> 

The "rescue" initramfs carries just more kernel drivers to cope with different
HW and will also have more debug tools, if you really really screwed up your
real root. Nothing security fancy here, besides that you might want to password
protect this entry, either via grub or via including /etc/passwd with a rescue
root password in the initramfs.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
