Horked-up system, Fedora 11
Craig White
craigwhite at azapple.com
Wed Oct 14 10:27:55 MST 2009
On Wed, 2009-10-14 at 06:47 -0700, Vaughn Treude wrote:
> > I have found SELinux to be much better in Fedora 11 that the problem
> > that it was in F10. Eventually you want to try running with it
> > enforcing.
> >
> >
> I need to research SELinux; I'm not very familiar with what it
> does.
> Thanks for the feedback.
----
one of the reasons I suggested that you run 'fixfiles onboot' is that
when you create files on other computers or in locations other than
where they are stored, they will always have the wrong security context.
'fixfiles onboot' does a complete relabel of your files.
The easiest way to get comfortable with SELinux is to put it into
permissive mode, make sure you have setroubleshoot package installed and
you will have most everything you need to deal with issues caused by
installing new files/daemons.
Once you have a handle on it, you can switch it to enforcing mode.
If you ever switch SELinux to disabled and then want to switch it back,
you MUST do a 'fixfiles onboot' to reboot because once it is turned off,
all files will not have any security contexts when they are created.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the PLUG-discuss
mailing list