On 07/09/2014 02:58 PM, Reindl Harald wrote:
Am 09.07.2014 20:45, schrieb Robert Moskowitz:
On 07/09/2014 02:36 PM, m.roth@5-cent.us wrote:
Mike McCarthy, W1NR wrote:
My COS6 server never required me to do that even though SELinux is enabled there (I didn't even know it was until today). Before I even posted the first help I tried the semanage command and found that it was not installed so I assumed wrongly that SELinux was not enabled.
<snip> Just remember, getenforce is the true answer.
mark, who really doesn't like selinux....*
- One of my annual goals: fix selinux permissions to SHUT IT UP, even when
most servers are in permissive mode.....
Doesn't permissive mode mean don't enforce but tell me what you would not have liked?
nothing else did he say "if you don't want to told all the long the same in permissive mode just fix it"
Perhaps another mode is needed? Quite mode? And then maybe to temporarily change it to permissive when you make a change?
that mode is called "disabled" and exists
Dah. Your right. The only difference between disabled and permissive is all the noise you get. But actually permissive can be a way to get info you need to create policies so you CAN run in enforcing. I have some simple instructions here somewhere that I have used to create a few policies....
there are 3 modes:
- enforced (block and cry)
- permissive (allow and cry)
- disable (allow and shut up)
what else do you need?
-
Robert Moskowitz