Skip to content

docs: add deployment ordering and silent staff_t warning#2

Open
Amy-Ra-lph wants to merge 1 commit into
gprocunier:mainfrom
Amy-Ra-lph:docs/deployment-ordering
Open

docs: add deployment ordering and silent staff_t warning#2
Amy-Ra-lph wants to merge 1 commit into
gprocunier:mainfrom
Amy-Ra-lph:docs/deployment-ordering

Conversation

@Amy-Ra-lph
Copy link
Copy Markdown

@Amy-Ra-lph Amy-Ra-lph commented Jun 1, 2026

Summary

Add a deployment ordering table to policy/README.md documenting the critical install sequence and the silent staff_t fallback that occurs when the context file is missing.

Why

The most common deployment issue is missing step 3 (context file). There is no error, no log entry, and no warning — users log in successfully but run in staff_t with zero kernel deny enforcement. This table makes the ordering explicit and warns about the silent failure mode.

Test plan

  • README renders correctly on GitHub
  • Table matches actual deployment steps verified on RHEL 10

Companion to PR #1 which automates steps 2 and 3 in make install.

@Amy-Ra-lph @claude
docs: add deployment ordering table to policy README
16d66d0 
Document the critical install sequence and the silent staff_t fallback
that occurs when the context file is missing. This is the most common
deployment issue — everything appears to work but confinement is absent.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Amy-Ra-lph Amy-Ra-lph mentioned this pull request Jun 1, 2026
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Amy-Ra-lph