On 29/11/10 13:11, Steve Clark wrote:
I don't know how it is now - but I tried running in permissive mode a few years ago. It would complain about some file, I would fix the file and the next thing I knew it was complaining about the same file again, and the file was part of the redhat installation. After that I gave up and just turned it off.
If you use chcon to change the security context of a file, then it will be restored to the "wrong" security context on the next relabelling.
If you rather use 'semanage fcontext' you can permanently set the security context for files. Then you can run restorecon or relabel your filesystem, and it should be set with the proper security context. Running semanage alone will not change the security context, but running restorecon afterwards will do that.
Another way to do it, is to write a security module and load that security module with semodule. But that's a heavier path to take, especially if 'semanage fcontext' can do the job for you.
kind regards,
David Sommerseth