On Wed, October 31, 2007 9:58 pm, mark wrote: > Bill Hillier wrote: >> NFlorez@xxxxxxxxx wrote: >>> How do I disable and enable Selinux? >>> >> setenforce command .... >> >> setenforce 0 >> setenforce 1 > > And reboot. And forget about it. It's a honkin' pain in the neck, unless > you're > running a completely canned system, and the users are only allowed to do > what > you've allowed them to do. May be fine for, oh, the Pentagon or the CIA, > but in > the real world, it's security through making it next to impossible to *do* > anything. Is it a pain sometimes? You betcha. I think it's worth it, though. I have, on occasion been stopped temporarily from doing what I wanted to do, but now that I understand how better how it works, I have no problems with it. If someone *does* manage to crack in and take over, let's say apache, I'll be very glad I didn't 'setenforce 0'. Just my $0.02 worth. Bill -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
