[CentOS] CentOS 7 SELinux issue

Thu Feb 25 12:54:37 UTC 2016
Steve Snyder <swsnyder at snydernet.net>

On 02/25/2016 07:23 AM, Brandon Vincent wrote:
> On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox <theatre at melvilletheatre.com> wrote:
>> Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it.
> This is why if anyone is opposed to running SELinux it should be left
> in permissive mode.

Even in permissive mode you still incur the system overhead cost (7% 
performance hit, last I read) and the excessive logging.

And don't even get me started about having /tmp mounted on a tmpfs 
filesystem! :-)

There are good reasons to prefer disabled over permissive if you've sure 
you won't need to re-enable SELinux later.