[PLUG] SELinux And setenforce
Paul Heinlein
heinlein at madboa.com
Sun Jan 22 14:51:25 UTC 2006
On Sun, 22 Jan 2006, Jason Van Cleve wrote:
> I have this Fedora 4 server, and I'm trying to use CVS in pserver
> mode. But I get a lame file permissions error, evidently because of
> SELinux enforcement. I read I can "setenforce 0" to overcome this,
> but is this a bad idea? I don't have much of a brain for subtle
> security issues, but is there a significant risk, for my lonely
> little server? The setenforce man page just says it puts "SELinux
> in enforcing mode". Is that something I really need?
It can take a *lot* of time to tune selinux policies to suit local
needs. If you need to get your server running right now, I'd put
selinux in audit-only mode (while taking all the ordinary steps to
keep your box safe :-). Then do some reading to find out how to
overcome all those audit/avc entries in your system log.
-- Paul Heinlein <heinlein at madboa.com>
More information about the PLUG
mailing list