* recovery docs starter
From: Tom @ 2002-10-29 12:41 UTC
To: selinux
As promised when I had some trouble, I've started a "SELinux failures
and recovery" document. It's very small right now, but nevertheless
here's the first draft and please give feedback, as I'm sure I have
missed stuff and made some mistakes.
http://web.lemuria.org/se-recovery.html
--
PGP/GPG key: http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: recovery docs starter
From: Russell Coker @ 2002-10-29 17:32 UTC
To: Tom, selinux
On Tue, 29 Oct 2002 13:41, Tom wrote:
> As promised when I had some trouble, I've started a "SELinux failures
> and recovery" document. It's very small right now, but nevertheless
> here's the first draft and please give feedback, as I'm sure I have
> missed stuff and made some mistakes.
>
> http://web.lemuria.org/se-recovery.html
If the policy you try to load doesn't match the kernel policy version then
it'll just give an error when you try to load it.
The only way you can get in trouble is if you compile a version of the policy
source that doesn't match the kernel. Different binary policy versions often
require different policy source versions; if the files security_classes,
initial_sids, and access_vectors don't match the kernel, then the result can
be a totally non-functional system.
In the file labels section you failed to mention that if you delete a file on
a non-SE kernel and create a new file then it might get the same Inode number
as the file you deleted (and therefore the same SID).
avc_toggle only works if you have compiled in development mode...
Apart from that it looks good so far. Next thing to do is make some mention
of the results of accidentally installing an unpatched /bin/login etc. ;)
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page