[CentOS] SELinux - way of the future or good idea but !!!

David Sommerseth dazo at users.sourceforge.net
Wed Dec 8 09:24:28 UTC 2010


On 29/11/10 13:11, Steve Clark wrote:
> I don't know how it is now - but I tried running in permissive mode a
> few years ago. It would complain about some file, I would fix the file
> and the next thing I knew it was complaining about the same file again,
> and the file was part of the redhat installation. After that I gave up
> and just turned it off.

If you use chcon to change the security context of a file, then it will
be restored to the "wrong" security context on the next relabelling.

If you instead use 'semanage fcontext' you can permanently set the
security context for files.  Then you can run restorecon or relabel your
filesystem, and it should be set with the proper security context.
Running semanage alone will not change the security context, but running
restorecon afterwards will do that.

Another way to do it is to write a security module and load that
security module with semodule.  But that's a heavier path to take,
especially if 'semanage fcontext' can do the job for you.


kind regards,

David Sommerseth
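
The 'semanage fcontext' plus restorecon sequence described in the message above, as an added example that is not part of the original post. The helper names, the APPLY switch, the path /srv/www and the type httpd_sys_content_t are constructed for illustration; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: make a label change survive a relabel by recording it in
# policy (semanage fcontext) and then applying it (restorecon).
# chcon alone only touches the on-disk label, so a relabel reverts it.

# Build the file-context regex for a path. Dots are escaped because the
# spec is a regular expression; a directory gets "(/.*)?" so the rule
# covers the directory itself and everything beneath it.
fcontext_spec() {
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    if [ "$2" = dir ]; then
        printf '%s(/.*)?\n' "$escaped"
    else
        printf '%s\n' "$escaped"
    fi
}

# Dry run by default: print the command. APPLY=1 (as root) executes it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# $1 = SELinux type, $2 = path, $3 = "dir" or "file"
persist_context() {
    setype=$1
    path=${2%/}                       # drop one trailing slash
    kind=$3
    [ -n "$path" ] || return 2        # refuse to operate on "/"
    spec=$(fcontext_spec "$path" "$kind")

    # 1. Record the rule locally. Labels on disk are not changed yet.
    run semanage fcontext -a -t "$setype" "$spec"
    # 2. Apply the recorded rule to the existing files.
    if [ "$kind" = dir ]; then
        run restorecon -R -v "$path"
    else
        run restorecon -v "$path"
    fi
    # 3. Show the context policy now expects for the path; this is what
    #    a full relabel will set from here on.
    run matchpathcon "$path"
}

# Constructed sample invocation (prints three commands in dry-run mode).
persist_context httpd_sys_content_t /srv/www dir
```

In dry-run output the spec is shown unquoted; when typing the semanage command by hand, put the spec in single quotes so the shell does not interpret the parentheses.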



