Experience with SELinux enabled and targetted policy
Richard E Miles
r.godzilla at comcast.net
Mon Feb 21 22:47:41 UTC 2005
On Mon, 21 Feb 2005 16:22:04 -0500 (EST)
"William Hooper" <whooperhsd3 at earthlink.net> wrote:
>
> Richard E Miles said:
> > In order to understand SELinux more I enabled SELinux on my system. I
> > noticed a problem with access denied on portmap and ntpdate and ntpd
> > services.
>
> If you have been running the system with SELinux off then you most likely
> have a large number of files with the incorrect context. Take a look at
> the "fixfiles" utility.
>
> In the future, if you plan on turning on SELinux at some point, I suggest
> changing to "permissive" mode rather than turning it off. This will allow
> your file contexts to be updated (and give you hints as to what will stop
> working if you put it in an enforcement mode).
>
> --
> William Hooper
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
I forgot to mention that I originally set it up in permissive mode. It did
report warnings for these services. I then ran fixfiles check. It did not report
any problems. So I guess I am still not sure whay these prevention warnings
occured. I was just curious it someone knew and if there was something I could
do to correct it. I can always disable SELinux. Should I report this as a
bugzilla?
--
Richard E Miles
Federal Way WA. USA
registered linux user 46097
More information about the fedora-list
mailing list