On 30/09/10 3:21 AM, Simon Billis wrote: > > You can use "setenforce 0" without the quotes to disable selinux from the > command line till next reboot or until you issue "setenforce 1" - this is > useful for testing as is looking at /var/log/audit/audit.log and also using > commands such as audit2why and audit2allow (I strongly recommend reading at > least the man pages and also such websites as > http://www.nsa.gov/research/selinux/docs.shtml (google selinux)) In addition to that URL, this document (which I didn't see listed, probably due to the publication date) looks very useful: http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf I'd second reading as much as possible on SELinux before diving into it, as there are more than a few gotchas. Especially when enabling and disabling it and knowing when a reboot is necessary when enabling or re-enabling it. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20100930/2fcea12a/attachment-0005.sig>