On 11/9/18 8:48 AM, Rick Stevens wrote: > On 11/8/18 4:27 PM, Ed Greshko wrote: >> On 11/9/18 8:16 AM, Rick Stevens wrote: >>> If disabling SELinux fixes the connection issue, I'd sure-as-tootin' >>> file a bugzilla about it. >> I need to remove this phrase from my "it goes without saying" list. :-) >> >> As I've said before "I" haven't had an case where "Permissive" didn't reveal the issue. >> >> I have been bitten by cases where modules are marked "Do Not Audit" such that an selinux >> AVC blocks an operation but does so silently. > And I've hit those too, but again, there are certain things that > "permissive" still blocks. You get the denial but it still blocks. I'll > be interested in seeing if a full SELinux disable permits the thing to > work. That'd prove it one way or another. Yes, as I pointed out elsewhere, a bit of research (that dirty word) reveals.... When we said that running in permissive mode has the system run as if SELinux was not enabled, we weren't really lying... well, perhaps a bit. There is the matter of SELinux-aware applications. These are applications that know about SELinux on a system, and behave differently when SELinux is enabled or not. Most of these applications however do not change their behavior based on the permissive or enforcing mode - only if SELinux is truly disabled. But that does mean that running your system in permissive might still have applications behave as if SELinux was in enforcing mode, or at least behave differently than when SELinux is disabled. -- Fedora Users - The place to go to beat OT dead horses :-) :-) _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
