How best get rid of SELinux?
Gene Heskett
gene.heskett at verizon.net
Fri Sep 21 06:19:11 UTC 2007
On Friday 21 September 2007, Andy Green wrote:
>Somebody in the thread at some point said:
>> On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote:
>>> It shouldn't cause any trouble if you set to permissive mode. Can you
>>> explain what problems you are having?
>>
>> I've just recently deleted a bunch of its incomprehensible
>> reportage from the machine I'm on at the moment; this has come in since
>> (with my apologies for what c&p does to the formatting) :
>
>Just to be clear, that is what "permissive" does... it lets you know
>what selinux wouldn't've let through, but lets it through anyway. So
>these error messages represent a passive opinion from selinux about what
> it didn't like (but did nothing to prevent). So selinux is only to
>blame for filling your logs, not any other badness while in permissive.
>
>IMO it is better to make selinux happy, if possible without causing a
>heart attack, than to disable it. Why not start with
>
># touch /.autorelabel
>
>and a reboot. This will make sure your files have the right selinux
>label, the cause of many problems.
>
>-Andy
With all due respect Andy, I probably did that 6 or 7 times. Not once did it
actually fix a problem.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Never explain. Your friends do not need it and your enemies will never
believe you anyway.
-- Elbert Hubbard
More information about the fedora-list
mailing list