Jóhann B. Guðmundsson wrote:
Matej Cepl wrote:
On 2008-03-11, 10:38 GMT, Jóhann B. Guðmundsson wrote:
You do so by open a termina and run
echo 0 > /selinux/enforce
You do so by opening a terminal and run (as root, of course):
setenforce 0
Matěj
What both Matej and Tim forget to mention is
the fact that by running setenforce 0 command
it will change your selinux configuration settings permanently to
permissive
No, it doesn't. You need to change /etc/sysconfig/selinux to achieve
that, and just using setenforce will not alter that file.
hence on next reboot your selinux would be running in permissive mode
instead of enforcing mode and leave your computer less secure...
While running echo 0 > /selinux/enforce command will only
change the selinux configuration until next reboot instead of changing the
settings/configuration it was set on to begin with, which is both better
suited to deal with isolated insistents and securer encase you would forget
to set selinux back to enforcing mode.
I agree that staying in permissive mode for the shortest possible time
is the right approach though. But using "setenforce" is the easiest way
to achieve that.
If you would like to set selinux back to enforcing you can change the 0
to 1
in both commands.
Agreed.
Paul.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
