Experience with SELinux enabled and targetted policy

[William Hooper]

Richard E Miles said:
> In order to understand SELinux more I enabled SELinux on my system. I
> noticed a problem with access denied on portmap and ntpdate and ntpd
> services.

If you have been running the system with SELinux off then you most likely
have a large number of files with the incorrect context.  Take a look at
the "fixfiles" utility.

In the future, if you plan on turning on SELinux at some point, I suggest
changing to "permissive" mode rather than turning it off.  This will allow
your file contexts to be updated (and give you hints as to what will stop
working if you put it in an enforcement mode).

-- 
William Hooper