Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 29/11/10 13:11, Steve Clark wrote:
> I don't know how it is now - but I tried running in permissive mode a
> few years ago. It would complain about some
> file, I would fix the file and the next thing I knew it was complaining
> about the same file again, and the file was part
> of the redhat installation. After that I gave up and just turned it off.

If you use chcon to change the security context of a file, then it will
be restored to the "wrong" security context on the next relabelling.

If you rather use 'semanage fcontext' you can permanently set the
security context for files.  Then you can run restorecon or relabel your
filesystem, and it should be set with the proper security context.
Running semanage alone will not change the security context, but running
restorecon afterwards will do that.

Another way to do it, is to write a security module and load that
security module with semodule.  But that's a heavier path to take,
especially if 'semanage fcontext' can do the job for you.


kind regards,

David Sommerseth

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux