[PLUG] SELinux And setenforce

Paul Heinlein heinlein at madboa.com
Sun Jan 22 14:51:25 UTC 2006


On Sun, 22 Jan 2006, Jason Van Cleve wrote:

> I have this Fedora 4 server, and I'm trying to use CVS in pserver 
> mode.  But I get a lame file permissions error, evidently because of 
> SELinux enforcement.  I read I can "setenforce 0" to overcome this, 
> but is this a bad idea?  I don't have much of a brain for subtle 
> security issues, but is there a significant risk, for my lonely 
> little server?  The setenforce man page just says it puts "SELinux 
> in enforcing mode".  Is that something I really need?

It can take a *lot* of time to tune selinux policies to suit local 
needs. If you need to get your server running right now, I'd put 
selinux in audit-only mode (while taking all the ordinary steps to 
keep your box safe :-). Then do some reading to find out how to 
overcome all those audit/avc entries in your system log.

-- Paul Heinlein <heinlein at madboa.com>



More information about the PLUG mailing list