On Tuesday, September 20, 2011 10:30:38 AM Tim wrote: > On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote: > > I reinstalled (better hardware) a server and had selinux enabled (was > > disabled before), and I starting to see why so many people don't use > > selinux. > > Let's clarify what you've written... You are, now, trying to run a > system with SELinux enabled, that was previously running with it > disabled. The same files on the drive, just changing the SELinux > setting. Is that right? > > If so, no wonder you're having grief. While SELinux was off, your > system was writing files without setting any SELinux contexts. So, > those files are just default files. Now that SELinux is on, there's no > contexts written in the file attributes that would tell SELinux to allow > access, so the default (for safety) action is to disallow it. > If the above is his problem, has he tried creating /.autorelabel and reboot? Please see "man selinux", "The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files." -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
