[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Bad selinux policy?



MATSUURA Takanori wrote:
Dear all,

Security contexts is rebuilt as the folloing and it recoverd.
Sorry for spam.

1. SELinux is disabled using system-config-securitylevel
2. reboot
3. SELinux is enforced using system-config-securitylevel
4. reboot


MATSUURA Takanori


As far as I understand SELinux. If you have SELinux disabled, the file system does not write security content to the bits allocated for content by SELinux capable file systems. If you then enable SELinux, the security content has to be added to the files before your system is usable again.

Changing from permissive to enforcing should not need a relabeling for security content. Permissive allows but logs errors and still labels files as enforcing mode does. You should use permissive instead of disabling SELinux unless you don't mind needing your system relabeled on reboot.

Jim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]