Jóhann B. Guðmundsson wrote:
Matej Cepl wrote:On 2008-03-11, 10:38 GMT, Jóhann B. Guðmundsson wrote:You do so by open a termina and run echo 0 > /selinux/enforceYou do so by opening a terminal and run (as root, of course): setenforce 0 MatějWhat both Matej and Tim forget to mention is the fact that by running setenforce 0 commandit will change your selinux configuration settings permanently to permissive
No, it doesn't. You need to change /etc/sysconfig/selinux to achieve that, and just using setenforce will not alter that file.
hence on next reboot your selinux would be running in permissive mode instead of enforcing mode and leave your computer less secure... While running echo 0 > /selinux/enforce command will only change the selinux configuration until next reboot instead of changing the settings/configuration it was set on to begin with, which is both better suited to deal with isolated insistents and securer encase you would forget to set selinux back to enforcing mode.
I agree that staying in permissive mode for the shortest possible time is the right approach though. But using "setenforce" is the easiest way to achieve that.
If you would like to set selinux back to enforcing you can change the 0 to 1in both commands.
Agreed. Paul.