Enabling SELinux (was Re: How to make SELinux in Fedora work?)
Tom London
selinux at comcast.net
Thu Jun 3 15:35:00 UTC 2004
Yes. I had a few 'hang ups' when running fixfiles in multi-user mode.
Also, some processes may be left running if you go to single-user via
'telinit 1'.
tom
Stephen Smalley wrote:
>On Thu, 2004-06-03 at 09:37, park lee wrote:
>
>
>>ON Thu, 27 May 2004 11:07:33 ,Tom London wrote:
>>
>>
>>
>>>Following the attached advice, here's what I did:
>>>1. Modified /etc/sysconfig/selinux to have 'SELINUX=permissive'
>>>2. Rebooted single-user and ran 'fixfiles relabel'
>>>3. Rebooted multi-user
>>>
>>>
>>For the 2nd item, I want to ask why you must reboot in single-user?
>>can't we run 'fixfiles relabel' directly?
>>
>>
>
>It is generally safer to run it in single-user mode, both to ensure that
>you don't have any stray processes still running in the wrong domain
>(and thus creating files in the wrong types after the relabel) and to
>avoid problems with the purging of /tmp performed by relabel (as that
>will kill files on which windowing applications depend). fixfiles
>restore avoids the purging of /tmp.
>
>
>
More information about the fedora-selinux-list
mailing list