On Monday, November 29, 2010 08:11 PM, Steve Clark wrote:
I don't know how it is now - but I tried running in permissive mode a few years ago. It would complain about some file, I would fix the file and the next thing I knew it was complaining about the same file again, and the file was part of the redhat installation. After that I gave up and just turned it off.
I never tried it on Centos 4 but when I had to implement it on Centos 5 in September this year, I did not encounter what you experienced.
It could be simply because I took pains to ensure the system knew how to relabel stuff beyond the defaults that it was programmed to do. I cannot remember if I had to make a rule for something that is installed by anaconda but I do believe that if you have change anything from the defaults, you need to teach the relabel system. Like Marko posted: man semanage.