[CentOS] CentOS 7 SELinux issue

Steve Snyder swsnyder at snydernet.net
Thu Feb 25 12:54:37 UTC 2016


On 02/25/2016 07:23 AM, Brandon Vincent wrote:
> On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox <theatre at melvilletheatre.com> wrote:
>> Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it.
>
> This is why if anyone is opposed to running SELinux it should be left
> in permissive mode.

Even in permissive mode you still incur the system overhead cost (7% 
performance hit, last I read) and the excessive logging.

And don't even get me started about having /tmp mounted on a tmpfs 
filesystem! :-)

There are good reasons to prefer disabled over permissive if you're sure 
you won't need to re-enable SELinux later.


