From: Stephen Smalley <sds@tycho.nsa.gov>
To: Dennis Wronka <linuxweb@gmx.net>
Cc: SELinux@tycho.nsa.gov
Subject: Re: Policy loading problem
Date: Wed, 20 May 2009 12:44:48 -0400 [thread overview]
Message-ID: <1242837888.20082.419.camel@localhost.localdomain> (raw)
In-Reply-To: <200905202344.16667.linuxweb@gmx.net>
On Wed, 2009-05-20 at 23:44 +0800, Dennis Wronka wrote:
> Just an idea:
> Wouldn't it be possible to split CONFIG_SECURITY_SELINUX_DEVELOP into two
> options, pretty much like CONFIG_SECURITY_SELINUX_BOOTPARAM and
> CONFIG_SECURITY_SELINUX_DISABLE?
>
> I like the idea because it would prevent somebody that has physical access to
> set SELinux to permissive (and thus practically disabling its protection) on
> boot, but still keep the option for root (either as sysadm_r or, preferably,
> as secadm_r) to switch to permissive mode after boot.
Possible, yes. Useful, I don't think so. If you want to prevent users
with physical access from specifying selinux=0 or enforcing=0, then use
a grub password (and more, if you are really concerned about physical
access).
A more likely scenario is that people want to be able to boot permissive
without being able to switch to permissive at runtime. But that can be
enforced by not allowing setenforce permission to any domain in your
policy.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2009-05-20 16:44 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-18 10:19 avc: denied null Dominick Grift
2009-05-18 12:50 ` Stephen Smalley
2009-05-18 12:59 ` Dominick Grift
2009-05-18 18:52 ` Eamon Walsh
2009-05-20 3:11 ` Eamon Walsh
2009-05-20 7:21 ` Policy loading problem Dennis Wronka
2009-05-20 11:46 ` Stephen Smalley
2009-05-20 13:46 ` Dennis Wronka
2009-05-20 13:49 ` Stephen Smalley
2009-05-20 14:07 ` Dennis Wronka
2009-05-20 14:09 ` Stephen Smalley
2009-05-20 14:21 ` Stephen Smalley
2009-05-20 14:42 ` Dennis Wronka
2009-05-20 14:40 ` Stephen Smalley
2009-05-20 14:57 ` Dennis Wronka
2009-05-20 14:59 ` Stephen Smalley
2009-05-20 15:22 ` Dennis Wronka
2009-05-20 15:44 ` Dennis Wronka
2009-05-20 16:44 ` Stephen Smalley [this message]
2009-05-20 21:01 ` Paul Howarth
2009-05-20 15:10 ` Stephen Smalley
2009-07-07 15:53 ` Joshua Brindle
2009-05-20 11:08 ` avc: denied null Dominick Grift
2009-05-21 2:36 ` Eamon Walsh
2009-05-21 12:19 ` Dominick Grift
2009-05-21 20:15 ` Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1242837888.20082.419.camel@localhost.localdomain \
--to=sds@tycho.nsa.gov \
--cc=SELinux@tycho.nsa.gov \
--cc=linuxweb@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.