How best get rid of SELinux?
Bruno Wolff III
bruno at wolff.to
Mon Sep 24 03:54:44 UTC 2007
On Sun, Sep 23, 2007 at 16:11:53 +0000,
Beartooth <Beartooth at swva.net> wrote:
> On Sun, 23 Sep 2007 01:11:49 -0500, Arthur Pemberton wrote:
>
> > It takes less that a minute to find out 'man chcon'' :
> > Manual modification of the security contexts aren't really expected of
> > most people.
>
> With all due respect (which, yes, I know to be vast), the passage
> above is almost a parade example of the problem. Only the last sentence
> conveys any meaning whatever to me.
You aren't supposed to be using chcon to change contexts anyway. If the
context is messed up then you want something that is going to relabel
the files properly (for chcon you need to know what the correct label
is) and use something like restorecon. If you do want to make a manual
change to something different than what is expected by default, then
you normally want to use semanage to record what the label is supposed
to be so that future relabels don't change it back to the old context
and then you can use restorecon to set it to make sure that things
will work as expected.
It is also useful to know about the -Z option to ls which displays contexts
attached to files.
More information about the fedora-list
mailing list