On 07/09/2014 02:58 PM, Reindl Harald wrote:
> Am 09.07.2014 20:45, schrieb Robert Moskowitz:
>> On 07/09/2014 02:36 PM, m.roth@xxxxxxxxx wrote:
>>> Mike McCarthy, W1NR wrote:
>>>> My COS6 server never required me to do that even though SELinux is
>>>> enabled there (I didn't even know it was until today). Before I even
>>>> posted the first help I tried the semanage command and found that it was
>>>> not installed so I assumed wrongly that SELinux was not enabled.
>>> <snip>
>>> Just remember, getenforce is the true answer.
>>>
>>> mark, who really doesn't like selinux....*
>>>
>>> * One of my annual goals: fix selinux permissions to SHUT IT UP, even when
>>> most servers are in permissive mode.....
>> Doesn't permissive mode mean don't enforce but tell me what you would
>> not have liked?
> nothing else did he say "if you don't want to told all the long the
> same in permissive mode just fix it"
>
>> Perhaps another mode is needed? Quite mode? And then maybe to
>> temporarily change it to permissive when you make a change?
> that mode is called "disabled" and exists
Dah. Your right. The only difference between disabled and permissive
is all the noise you get. But actually permissive can be a way to get
info you need to create policies so you CAN run in enforcing. I have
some simple instructions here somewhere that I have used to create a few
policies....
>
> there are 3 modes:
>
> * enforced (block and cry)
> * permissive (allow and cry)
> * disable (allow and shut up)
>
> what else do you need?
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
