I think the expectation is that one would boot into single user mode with SELinux either off or in permissive mode (which sounds like the same thing if the policy won't load), fix the problem and then reboot. You would never want to go into multiuser mode until the problem is repaired.
Passing kernel flags isn't user friendly but this is also something that shouldn't happen, especially on an evaluated configuration. Famous last words, I suppose. -- ljk Eduardo Madeira Fleury wrote: > Hi all, > > I'm currently testing what happens when Init detects a load_policy error. The > results I have so far are: > > == Booting in Enforcing Mode -> The system panics. > > == Booting in Permissive Mode -> The system boots fine but with SELinux > completely disabled in such a way it's not possible to simply setenforce to 1 > > == Booting in Disabled Mode -> Boots fine with SELinux disabled of course. > > What I would like to point though is that this way the system does not > provide > an automatic "Recover Mode" as specified in the Security Target section > 19.1.2.3 Manual Recovery (FPT_RCV.1). > > Currently the system admin is required to modify boot parameters manually to > boot in Permissive or Disabled mode, repair the system and then boot it back > in Enforcing mode, but simply booting in Permissive mode is a potential > security risk as the system would still be in multiuser mode. > > It's important to require that in case of a load_policy failure the system > admin boot the system in Permissive mode **but also in single mode**. > > Besides that, passing kernel arguments in boot time is not user friendly. > > Anyway, I'd like to check if this behavior is the one expected. > > Regards, -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
