On Thu, 27 May 2004 08:16:03 Stephen Smalley wrote:
>If you didn't enable SELinux at install time,
>then you'll need to install a policy
>(yum install policy policy-sources), create or edit
>/etc/sysconfig/selinux and set SELINUX=permissive in it,
> and relabel your filesystems (via fixfiles relabel).
>Once you get your filesystems labeled and have verified
>that you can boot without avc denials in your logs,
>you can set SELINUX=enforcing in /etc/sysconfig/selinux.
>then you'll need to install a policy
>(yum install policy policy-sources), create or edit
>/etc/sysconfig/selinux and set SELINUX=permissive in it,
> and relabel your filesystems (via fixfiles relabel).
>Once you get your filesystems labeled and have verified
>that you can boot without avc denials in your logs,
>you can set SELINUX=enforcing in /etc/sysconfig/selinux.
I really didn't enable SELinux at install time. Then, I had a try to enable
SELinx on my FC2 according to what you said. On my FC2,there was no policy-sources RPM package installed by default. Then I wanted to install the package. but there was something wrong when I using 'yum
install policy-sources'.
Below is what came on my screen:
Below is what came on my screen:
[root@localhost RPMS]# yum install policy-sources
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
retrygrab() failed for:
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
retrygrab() failed for:
.info
Executing failover method
failover: out of servers to try
Error getting file
Executing failover method
failover: out of servers to try
Error getting file
.info
[Errno 4] IOError: <urlopen error >
[Errno 4] IOError: <urlopen error >
I wonder what's wrong? and here can I use 'rpm -Uvh' to install the package instead of using 'yum install policy-sources'.
And there is another question:
In 'Fedora Core 2 SELinux FAQ', it said:
Q:. How do I temporarily turn off enforcing mode without having to reboot?
A:. This situation usually arises when you can't perform an action that is being prevented by policy. Run the command setenforce 0 to turn off enforcing mode in real time. When you are finished, run setenforce 1 to turn enforcing back on
Then, my question is: "can we still run 'echo 1 > /selinux/enforce' program to switch into enforcing mode. and switch back to permissive mode with 'echo 0 > /selinux/enforce'.
In 'Fedora Core 2 SELinux FAQ', it said:
Q:. How do I temporarily turn off enforcing mode without having to reboot?
A:. This situation usually arises when you can't perform an action that is being prevented by policy. Run the command setenforce 0 to turn off enforcing mode in real time. When you are finished, run setenforce 1 to turn enforcing back on
Then, my question is: "can we still run 'echo 1 > /selinux/enforce' program to switch into enforcing mode. and switch back to permissive mode with 'echo 0 > /selinux/enforce'.
Thank you very much!
Sincerely yours,
Park Lee
2004-06-03
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger
