The reason for putting SE Linux in permissive mode is that if the filesystem is corrupted then the wrong labels may be on files and that may prevent recovery operations.
The alternative to automatically doing it is for the sys-admin to do so manually if the need arises. I find it difficult to imagine a situation where the sysadmin would not realise the need to do this (the AVC messages will go to the console if SE Linux prevents an operation). I also find it difficult to imagine a situation where SE Linux would permit the machine to run the init scripts but not permit the sysadmin to put it in permissive mode after getting a single user shell. I think that this is more a convenience issue than anything else.