How best get rid of SELinux?

Andy Green andy at warmcat.com
Fri Sep 21 05:47:12 UTC 2007


Somebody in the thread at some point said:
> On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote:
> 
> 
>> It shouldn't cause any trouble if you set to permissive mode. Can you
>> explain what problems you are having?
> 
> 	I've just recently deleted a bunch of its incomprehensible 
> reportage from the machine I'm on at the moment; this has come in since 
> (with my apologies for what c&p does to the formatting) :  

Just to be clear, that is what "permissive" does... it lets you know
what selinux wouldn't've let through, but lets it through anyway.  So
these error messages represent a passive opinion from selinux about what
 it didn't like (but did nothing to prevent).  So selinux is only to
blame for filling your logs, not any other badness while in permissive.

IMO it is better to make selinux happy, if possible without causing a
heart attack, than to disable it.  Why not start with

# touch /.autorelabel

and a reboot.  This will make sure your files have the right selinux
label, the cause of many problems.

-Andy




More information about the fedora-list mailing list