On 11/05/2013 05:13 PM, Wes James wrote:

First you should use setenforce 0/setenforce 1.

Theoretically never. It should really be discouraged. It is like the Enterprise bringing its "Shields" down.

SELinux in permissive mode will continue to do access checks but just logs them but does not block access.

SELinux blocks "confined" processes, but usually does not block the administrator who is running as unconfined_t, and is allowed to do everything he could do if SELinux was disabled.

Confined processes are targeted to system services. Stuff that is started at boot versus processes started by a logged-in user.

I blog on the topic a lot at danwalsh.livejournal.com.

BTW, when do I need to setenforce 0?

SELinux is a labeling system; if your labels get screwed up, you might need to setenforce 0 to get the system to run. Commands like restorecon/fixfiles can be used to restore the labels on your system to the default.
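An added example, not part of the original post: a small parser that separates AVC denials SELinux actually blocked from those it only logged in permissive mode, and flags targets whose type suggests a lost label. The audit records are constructed, the `permissive=` field is assumed to be present only on newer kernels, and treating `default_t`/`unlabeled_t` as a relabel hint is a heuristic.

```python
import re
from collections import Counter

# Constructed sample audit records for illustration (not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:412): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000031.220:430): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/srv/www/app.cgi" dev="dm-0" ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000031.224:431): avc:  denied  { execute } for  pid=2101 comm="httpd" name="app.cgi" dev="dm-0" ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000031.224:431): arch=c000003e syscall=59 success=yes exit=0
type=AVC msg=audit(1700000070.007:440): avc:  denied  { name_bind } for  pid=2300 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)
# Heuristic (assumption): these target types usually mean a file lost its label.
MISLABEL_TYPES = {"default_t", "unlabeled_t"}
OUTCOME = {"0": "blocked", "1": "logged_only", None: "unknown"}

def parse_avc(line):
    """Return a dict for an AVC denial record, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    target_type = m.group("tcontext").split(":")[2]
    return {
        "domain": m.group("scontext").split(":")[2],   # user:role:type:level
        "target_type": target_type,
        "tclass": m.group("tclass"),
        "perms": m.group("perms").split(),
        "outcome": OUTCOME[m.group("permissive")],     # field absent on older kernels
        "relabel_hint": target_type in MISLABEL_TYPES,
    }

def summarize(log_text):
    """Count denials per (source domain, outcome)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["domain"], rec["outcome"])] += 1
    return counts

if __name__ == "__main__":
    for (domain, outcome), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{domain:10} {outcome:12} {n}")
```

Records with `relabel_hint` set are candidates for a `restorecon` pass on the affected path rather than a reason to leave the system permissive.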