On 30/09/10 3:21 AM, Simon Billis wrote: > > You can use "setenforce 0" without the quotes to disable selinux from the > command line till next reboot or until you issue "setenforce 1" - this is > useful for testing as is looking at /var/log/audit/audit.log and also using > commands such as audit2why and audit2allow (I strongly recommend reading at > least the man pages and also such websites as > http://www.nsa.gov/research/selinux/docs.shtml (google selinux)) In addition to that URL, this document (which I didn't see listed, probably due to the publication date) looks very useful: http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf I'd second reading as much as possible on SELinux before diving into it, as there are more than a few gotchas. Especially when enabling and disabling it and knowing when a reboot is necessary when enabling or re-enabling it. Regards, Ben
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos