On Mon, May 3, 2010 at 1:20 PM, Jay Greguske <jgregusk(a)redhat.com> wrote:
Host/LiveCD: Description
- On/On: SELinux enforcing and functioning as expected
But this will still require that the host policy is exactly the same
(in general) as the target policy, right? Since we still have the
issue that if say a type is added from Fedora 12 to Fedora 13, the
Fedora 12 kernel in enforcing mode will refuse to lay down the (to it)
invalid context?
- Off/On: SELinux enforcing and functioning as expected
Hm, by "off" here you mean entirely disabled on the host? In that
case I guess there are no xattr hooks for selinux. the kernel will
just happily lay whatever in there.
- On/Off: File system is partially labelled due to Yum/RPM labelling
the files during installation. I figured this was OK because SELinux is disabled so they
shouldn't cause a problem (disk space usage is trivial)
Not a serious problem, agreed, ever since we got larger inodes.