On Wed, 2009-01-28 at 23:00 -0500, Rob Kampen wrote: > Last resort was the 'touch /.autorelabel' and reboot. This took nearly > an hour but once it came up all was well. > Thanks for the pointers Filipe. > At what point would it be safe to go to enforcing? What logs should I > be inspecting for warnings? > I find SELinux real hard to get my head around, extensive reading and > still I don't get it clearly enough to where I understand it and feel > safe committing my business server to it. And when something like this > occurs and it takes the server down for an hour to clean it up.... not > really production ready. > I'm getting ready to head for PCI-DSS audit and thought SELinux > enforcing would be a help......any comments from those with more > experience?? ---- you shouldn't have to relabel a filesystem unless you had turned SELinux off for a while. So that shouldn't be necessary again. I also gathered that the RHEL 5.3 release has a bunch of the newer tools from virtually current Fedora like SETroubleShooter which should make life a lot easier. I gather that CentOS 5.3 will be released in the next week or so and I would probably wait until you have it running fine for a week or two in permissive mode and have squashed any alerts and you should be good to move to enforcing. Craig _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos