Re: SELinux Understanding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Monday 15 October 2007 19:57, Claude Jones wrote:
> On Monday October 15 2007 1:35:17 pm Nigel Henry wrote:
> > but as
> > re-enabling SELinux, in either permissive, or enforcing mode
> > results in the relabelling process being run, it's almost
> > impossible to know if the relabelling has resolved a genuine
> > problem or not.
>
> This is where you're mistaken. It's perfectly possible to set
> permissive and enforcing modes, without relabeling - relabeling
> is only forced after some updates, and that not very often -
> perhaps, this is something that should be addressed. Perhaps a
> warning message when you turn on enforcing, with instructions to
> relabel if you've run in permissive mode for some period of
> time...
>
> --
> Claude Jones
> Brunswick, MD, USA

Well I disabled SELinux some weeks ago for some reason or other. I didn't want 
to, as it had been behaving itself. Sorry, but I forget stuff easily these 
days, and can't remember why I disabled it. Anyway when I re-enabled it as 
forcing, and rebooted, it did the relabelling stuff. As I've said. I'm not 
too clued up on SELinux, but it was running in enforcing mode, then I 
disabled it (for some reason or other), and rebooted. Then I re-enabled it as 
enforcing, rebooted, and by default it ran it's relabelling program.

Now I'm not too bothered about SELinux. I've seen it around since FC2, but for 
the first time on Fedora 7 I've given it a try. I'm only a home user, so 
nothing critical going on, and apart from the little FTP problem it's working 
ok.

I'm not sure what you're saying though in your reply above. From what I 
understand, if you disable SELinux (not sure if a reboot has to occur before 
the next step), then re-enable SELinux in enforcing mode (as it was 
previously). I found that re-enabling SELinux in enforcing mode, then 
rebooting, resulted in the relabelling stuff being done. So is there some 
incantation you can apply to the kernel on bootup to prevent SELinux doing 
it's relabel stuff?

Nigel.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux