Re: echo 0> /selinux/enforce

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Nov 5, 2013 at 3:38 PM, <m.roth@xxxxxxxxx> wrote:

> John R Pierce wrote:
> > On 11/5/2013 2:15 PM, m.roth@xxxxxxxxx wrote:
> >> Wes James wrote:
> >>> >When does echo 0 > /selinux/inforce need to be used?  I.e., where is
> >>> >selinux enforcing itself on the system to protect it?  When I do yum
> >>> >install of some package, it seems to work (not being blocked).  When
> >>> would doing something not work because selinux is watching it (or
> whatever
> >>> that process is doing)?
> >>> >
> >> It changes selinux mode from enforcing to permissive, which means it
> >> still complains, but lets the processes run anyway.
> >
> > the most common scenario for selinux problems is when you change default
> > locations for something, for instance, putting a postgresql database
> > cluster on a different path than /var/lib/postgresql/x.y/data, or have
> > users with home directories other than /home/$USER
> >
> > if you do something like this and get weird errors, you can set selinux
> > to permissive, and see your thing works.  if so, analyze the selinux
> > error logs to see what corrective action you need (typically, relabeling
> > the unusual location for whatever it is).
>
> Or you might need to create special local policies for software in
> non-standard (but standard for your work environment) locations, or for
> local or third party software that was written in total ignorance or
> disregard of selinux (such as from CA, or Matlab...), or, in some cases,
> just leave it in permissive mode.
>
>      mark "NOT a fan of selinux, dealt with it far too much"
>
>
OK.  Why not use some other linux that doesn't use selinux then?  I guess
in permissive mode, you could still monitor the logs and take action, if
needed.

-wes
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux