On Monday 15 October 2007 19:57, Claude Jones wrote: > On Monday October 15 2007 1:35:17 pm Nigel Henry wrote: > > but as > > re-enabling SELinux, in either permissive, or enforcing mode > > results in the relabelling process being run, it's almost > > impossible to know if the relabelling has resolved a genuine > > problem or not. > > This is where you're mistaken. It's perfectly possible to set > permissive and enforcing modes, without relabeling - relabeling > is only forced after some updates, and that not very often - > perhaps, this is something that should be addressed. Perhaps a > warning message when you turn on enforcing, with instructions to > relabel if you've run in permissive mode for some period of > time... > > -- > Claude Jones > Brunswick, MD, USA Well I disabled SELinux some weeks ago for some reason or other. I didn't want to, as it had been behaving itself. Sorry, but I forget stuff easily these days, and can't remember why I disabled it. Anyway when I re-enabled it as forcing, and rebooted, it did the relabelling stuff. As I've said. I'm not too clued up on SELinux, but it was running in enforcing mode, then I disabled it (for some reason or other), and rebooted. Then I re-enabled it as enforcing, rebooted, and by default it ran it's relabelling program. Now I'm not too bothered about SELinux. I've seen it around since FC2, but for the first time on Fedora 7 I've given it a try. I'm only a home user, so nothing critical going on, and apart from the little FTP problem it's working ok. I'm not sure what you're saying though in your reply above. From what I understand, if you disable SELinux (not sure if a reboot has to occur before the next step), then re-enable SELinux in enforcing mode (as it was previously). I found that re-enabling SELinux in enforcing mode, then rebooting, resulted in the relabelling stuff being done. So is there some incantation you can apply to the kernel on bootup to prevent SELinux doing it's relabel stuff? Nigel. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list