[CentOS] selinux & iptables

Phil Savoie psavoie1783 at rogers.com
Tue Aug 30 23:07:06 UTC 2011


On 08/30/2011 03:23 PM, Ned Slider wrote:
> On 30/08/11 20:08, Michael D. Berger wrote:
>> In setting up my new CentOS 6 laptop, I replaced
>> /etc/sysconfig/iptables with my own, very restrictive
>> version.  I then tried to restart the iptables daemon,
>> but it reported that my new iptables was unreadable.
>> On a guess, I disabled selinux, and my problem was
>> solved.  Later, I re-enabled selinux and on reboot, it
>> had to go through a very long setup procedure.

> Rather than disabling, you can put SELinux in permissive mode to 
> troubleshoot. Permissive mode will warn but still allow all actions that 
> would otherwise be blocked in enforcing mode.
> 

Further to this, chcon --reference <originalfile> <newfile>, then test
with selinux back in enforcing mode.


> When you disable SELinux and then later re-enable it, the whole file 
> system will need to be relabeled at boot, and this is probably what took 
> the time on your system. Switching between permissive and enforcing 
> modes avoids this.
> 


Regards,

Phil
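
The warnings that permissive mode produces are AVC denial records in the audit log. As an added example (not part of the original thread), the script below pulls out the denials that name a given file and prints the permission, the source type and the target type. The log lines are constructed, the `user_home_t` label on the replacement file is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Summarize SELinux AVC denials that mention one file name.
# Input : audit log lines on stdin
# Output: "<permission(s)> <source type> <target type>" per matching denial

avc_denials_for() {
    # $1 = file name as it appears in the name="..." field of the record
    awk -v want="$1" '
        /avc:/ && /denied/ {
            name = ""; sctx = ""; tctx = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
                if ($i ~ /^scontext=/) { sctx = $i; sub(/^scontext=/, "", sctx) }
                if ($i ~ /^tcontext=/) { tctx = $i; sub(/^tcontext=/, "", tctx) }
            }
            if (name != want) next
            # The denied permissions sit between "{" and "}".
            perm = $0
            sub(/^.*[{] */, "", perm)
            sub(/ *[}].*$/, "", perm)
            # A context is user:role:type:level, so field 3 is the type.
            split(sctx, s, ":")
            split(tctx, t, ":")
            print perm, s[3], t[3]
        }'
}

# Constructed sample: a replacement /etc/sysconfig/iptables that kept a
# home-directory label (assumed scenario), plus one unrelated denial.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1314745626.101:41): avc:  denied  { read } for  pid=1822 comm="iptables-restor" name="iptables" dev=dm-0 ino=393301 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1314745630.555:42): avc:  denied  { read } for  pid=1901 comm="httpd" name="index.html" dev=dm-0 ino=401122 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Only the denial against the iptables file is reported.
sample_audit_log | avc_denials_for iptables
```

On a live system the input would come from `ausearch -m avc -ts recent` rather than the sample function. A target type that differs from the type on the original file is the mismatch that `chcon --reference` corrects.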


