How to make SELinux in Fedora work?
park lee
parklee_fcsel at yahoo.com
Wed Jun 2 18:55:30 UTC 2004
On Thu, 27 May 2004 08:16:03 Stephen Smalley wrote:
>If you didn't enable SELinux at install time,
>then you'll need to install a policy
>(yum install policy policy-sources), create or edit
>/etc/sysconfig/selinux and set SELINUX=permissive in it,
> and relabel your filesystems (via fixfiles relabel).
>Once you get your filesystems labeled and have verified
>that you can boot without avc denials in your logs,
>you can set SELINUX=enforcing in /etc/sysconfig/selinux.
I really didn't enable SELinux at install time. Then, I had a try to enable
SELinx on my FC2 according to what you said. On my FC2,there was no policy-sources RPM package installed by default. Then I wanted to install the package. but there was something wrong when I using 'yum
install policy-sources'.
Below is what came on my screen:
[root at localhost RPMS]# yum install policy-sources
Gathering header information file(s) from server(s)
Server: Fedora Core 2 - i386 - Base
retrygrab() failed for:
http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/header
.info
Executing failover method
failover: out of servers to try
Error getting file
http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/header
.info
[Errno 4] IOError: <urlopen error >
I wonder what's wrong? and here can I use 'rpm -Uvh' to install the package instead of using 'yum install policy-sources'.
And there is another question:
In 'Fedora Core 2 SELinux FAQ', it said:
Q:. How do I temporarily turn off enforcing mode without having to reboot?
A:. This situation usually arises when you can't perform an action that is being prevented by policy. Run the command setenforce 0 to turn off enforcing mode in real time. When you are finished, run setenforce 1 to turn enforcing back on
Then, my question is: "can we still run 'echo 1 > /selinux/enforce' program to switch into enforcing mode. and switch back to permissive mode with 'echo 0 > /selinux/enforce'.
Thank you very much!
Sincerely yours,
Park Lee
2004-06-03
---------------------------------
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040602/59524c00/attachment.htm>
More information about the fedora-selinux-list
mailing list