Re: CentOS 7 SELinux issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 


On 02/25/2016 07:23 AM, Brandon Vincent wrote:

On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox <theatre@xxxxxxxxxxxxxxxxxxx> wrote:

Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it.


This is why if anyone is opposed to running SELinux it should be left
in permissive mode.
Even in permissive mode you still incur the system overhead cost (7% performance hit, last I read) and the excessive logging.
And don't even get me started about having /tmp mounted on a tmpfs filesystem! :-)
There are good reasons to prefer disabled over permissive if you've sure you won't need to re-enable SELinux later. 
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux