Robert Moskowitz wrote:
On 07/09/2014 02:36 PM, m.roth@5-cent.us wrote:
Mike McCarthy, W1NR wrote:
My COS6 server never required me to do that even though SELinux is enabled there (I didn't even know it was until today). Before I even posted the first help I tried the semanage command and found that it was not installed so I assumed wrongly that SELinux was not enabled.
<snip> Just remember, getenforce is the true answer.
mark, who really doesn't like selinux....*
- One of my annual goals: fix selinux permissions to SHUT IT UP, even
when most servers are in permissive mode.....
Doesn't permissive mode mean don't enforce but tell me what you would not have liked?
No, what *it* didn't like. And it can get *very* noisy.
Perhaps another mode is needed? Quite mode? And then maybe to temporarily change it to permissive when you make a change?
I'd like a "tell me once a day, PERIOD. I've had it overload its queue, it was spitting mad about something.
mark