On 4/10/08, Steve Campbell <campbell at cnpapers.com> wrote: > Jim, > > I tried the new config file - the downloaded one - and it still gives me the > errors. I then went through and removed the xattr options on all of them > with no luck still. I have not ran the --check yet. > > OK, so what if I enable permissive mode just to get the extra attributes on > all the files, and do all the stuff needed to relabel the files. Will I see > any difference in what I have other than the extended attributes. Since this > server will go full time production real soon, I don't want to cause any > surprises for me or the users, and I don't have the time to learn selinux > admin and configuration in a short time either. I know, that sounds lazy, > but I just have a full plate at the moment, sorry. > > Thanks for all your time. I really do appreciated the fact you're educating > me. > > steve Hi Steve I always used to disable selinux until ~3 months ago i now have selinux enabled but set on permissive for my dev servers and enforcing on production i have several servers at home where i went from disabled to permissive with no problems. YMMV there will be no difference to your filesystem other than the extended attributes being applied you can see the change using the -Z switch for commands like ls and ps. you should have no problems at all i also use auditd to collect the AVCs that permissive generates Russell Coker's root-as-guest user play machine demo just kinda blew me away conceptually. mike