[CentOS] SELinux - way of the future or good idea but !!!

Wed Dec 1 18:13:12 UTC 2010
Daniel J Walsh <dwalsh at redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/01/2010 10:19 AM, m.roth at 5-cent.us wrote:
> On this thread, I'm speaking with my manager, and the other admin comes
> in, ranting about selinux, and that he's going to file a bug against it
> with RH.... Seems he installed RHEL6, and had the misfortune of having an
> older Sun keyboard, and may have hit the <caps lock> key when entering the
> root password... and he couldn't log in. So he rebooted to single user
> mode, and ran passwd... which sat there for a while, then quit, with no
> messages. Then he turned off selinux, and passwd worked... so the whole
> selinux thing was a pointless and irritating exercise.
> 
> Of course, if selinux had stopped him from turning enforcing off, he'd
> have had to reboot from the rescue disk, at the least, and reinstall at
> the worst.
> 
> The bigger question is why selinux when the system is in single user mode,
> and offline. If someone has console access, and shouldn't have, you have
> management problems, not o/s security problems.
> 
>         mark
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

This was a bug that has been fixed or will be fixed in the next release.
 Preview available in

http://people.redhat.com/dwalsh/SELinux/RHEL6/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkz2kDgACgkQrlYvE4MpobM4UwCg4tP5dDTysKAMSa5q+eXyWTbq
W3UAoOlBoR0Bhlvbz2ZowrXEKlqSK3vX
=TyCv
-----END PGP SIGNATURE-----