selinux fixfiles context
Daniel J Walsh
dwalsh at redhat.com
Thu Apr 15 13:05:09 UTC 2004
shmuel siegel wrote:
>On Thu, 2004-04-15 at 15:15, Daniel J Walsh wrote:
>
>
>
>> Running in permissive mode is not the same as running in
>>enforcing mode. I would
>>suggest that you run in enforcing mode all the time. If you run into a
>>problem where something
>>will not work in enforcing mode, use setenforce 0 run your command and
>>run setenforce 1. Then
>>grab the AVC messages and submit a bug report.
>>
>>
>>
>In my environment, I am a little bit afraid of enforcing mode. I am
>running a non-critical mail server on my computer. It wouldn't bother me
>if the mail server didn't work but what would be unacceptable is if the
>server accepted mail and then couldn't write it to permanent storage. Is
>there anything that I can do to assure that I don't give false positives
>to received mail?
>
>
>
>
That depends on the mail app. If the mail server is not allowed to
write to disk, it will
get the same error that it would get if it was denied access though DAC
(Ordinary UNIX permisisions).
So I would expect the mail server not to give false positives. But no
guarantees.
More information about the fedora-test-list
mailing list