[CentOS] SELinux - way of the future or good idea but !!!

Christopher Chan christopher.chan at bradbury.edu.hk
Mon Nov 29 07:44:18 EST 2010


On Monday, November 29, 2010 08:11 PM, Steve Clark wrote:

> I don't know how it is now - but I tried running in permissive mode a
> few years ago. It would complain about some
> file, I would fix the file and the next thing I knew it was complaining
> about the same file again, and the file was part
> of the redhat installation. After that I gave up and just turned it off.
>

I never tried it on Centos 4 but when I had to implement it on Centos 5 
in September this year, I did not encounter what you experienced.

It could be simply because I took pains to ensure the system knew how to 
relabel stuff beyond the defaults that it was programmed to do. I cannot 
remember if I had to make a rule for something that is installed by 
anaconda but I do believe that if you have change anything from the 
defaults, you need to teach the relabel system. Like Marko posted: man 
semanage.


More information about the CentOS mailing list