How to make SELinux in Fedora work?

park lee parklee_fcsel at yahoo.com
Wed Jun 2 18:55:30 UTC 2004 

On Thu, 27 May 2004 08:16:03  Stephen Smalley wrote:
>If you didn't enable SELinux at install time, 
>then you'll need to install a policy 
>(yum install policy policy-sources), create or edit
>/etc/sysconfig/selinux and set SELINUX=permissive in it,
> and relabel your filesystems (via fixfiles relabel).
>Once you get your filesystems labeled and have verified 
>that you can boot without avc denials in your logs,
>you can set SELINUX=enforcing in /etc/sysconfig/selinux.
 
  I really didn't enable SELinux at install time. Then, I had a try to enable 
SELinx on my FC2 according to what you said. On my FC2,there was no policy-sources RPM package installed by default. Then I wanted to install the package. but there was something wrong when I using 'yum 
install policy-sources'.
Below is what came on my screen:
 
[root at localhost RPMS]# yum install policy-sources
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
retrygrab() failed for:
 http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/header
.info
  Executing failover method
failover: out of servers to try
Error getting file 
http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/header
.info
[Errno 4] IOError: <urlopen error >

 I wonder what's wrong? and here can I use 'rpm -Uvh' to install the package instead of using 'yum install policy-sources'.
 
And there is another question:
In 'Fedora Core 2 SELinux FAQ', it said:
Q:.  How do I temporarily turn off enforcing mode without having to reboot? 
A:.  This situation usually arises when you can't perform an action that is being prevented by policy. Run the command setenforce 0 to turn off enforcing mode in real time. When you are finished, run setenforce 1 to turn enforcing back on
 
Then, my question is: "can we still run 'echo 1 > /selinux/enforce' program to switch into enforcing mode. and switch back to permissive mode with 'echo 0 > /selinux/enforce'.
 
Thank you very much!

Sincerely yours,
Park Lee
2004-06-03


		
---------------------------------
Do you Yahoo!?
Friends.  Fun. Try the all-new Yahoo! Messenger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040602/59524c00/attachment.htm>

More information about the fedora-selinux-list mailing list