Re: Configure.help

From: Stephen Smalley <sds_at_tislabs.com>
Date: Mon, 26 Nov 2001 08:40:40 -0500 (EST)

On Sun, 25 Nov 2001, Russell Coker wrote:

> Here's a little snippet for Configure.help. Could it (or something more
> detailed) be included in the next release?

We used to have Configure.help text for the SELinux kernel options (and default option settings in arch/i386/defconfig) in the original SELinux kernel patch (prior to migrating to LSM). I've deferred adding these changes to our patch to the LSM-patched kernel so far, since it often requires updating that patch for every new kernel version (currently, that patch only modifies the security/{Config.in,Makefile} files added by LSM, which rarely change). But I can transfer this text from the original SELinux kernel patch (with minor updates) for future releases.

As a side note on your actual text, the Development Module option is recommended for new users of SELinux, as noted in the README. In fact, some users of SELinux may choose to always build with the Development Module option and may simply use avc_toggle in an rc script to switch into enforcing mode during startup, always leaving them with the option of switching back to permissive mode as an administrator if desired. Or they can build without the Development Module option after verifying that the security policy configuration works for their needs if they want stricter security. That's up to the user.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com







Received on Mon 26 Nov 2001 - 08:53:11 EST
