Bad selinux policy?
Jim Cornette
fcd-cornette at insight.rr.com
Sat Feb 4 03:10:14 UTC 2006
MATSUURA Takanori wrote:
> Dear all,
>
> Security contexts is rebuilt as the folloing and it recoverd.
> Sorry for spam.
>
> 1. SELinux is disabled using system-config-securitylevel
> 2. reboot
> 3. SELinux is enforced using system-config-securitylevel
> 4. reboot
>
>
> MATSUURA Takanori
>
As far as I understand SELinux. If you have SELinux disabled, the file
system does not write security content to the bits allocated for content
by SELinux capable file systems. If you then enable SELinux, the
security content has to be added to the files before your system is
usable again.
Changing from permissive to enforcing should not need a relabeling for
security content. Permissive allows but logs errors and still labels
files as enforcing mode does. You should use permissive instead of
disabling SELinux unless you don't mind needing your system relabeled on
reboot.
Jim
More information about the fedora-devel-list
mailing list