[PLUG] SELinux And setenforce
Matt Alexander
lowbassman at gmail.com
Sun Jan 22 16:27:09 UTC 2006
Paul Heinlein wrote:
> On Sun, 22 Jan 2006, Jason Van Cleve wrote:
>
>> I have this Fedora 4 server, and I'm trying to use CVS in pserver
>> mode. But I get a lame file permissions error, evidently because of
>> SELinux enforcement. I read I can "setenforce 0" to overcome this,
>> but is this a bad idea? I don't have much of a brain for subtle
>> security issues, but is there a significant risk, for my lonely
>> little server? The setenforce man page just says it puts "SELinux in
>> enforcing mode". Is that something I really need?
>
> It can take a *lot* of time to tune selinux policies to suit local
> needs. If you need to get your server running right now, I'd put
> selinux in audit-only mode (while taking all the ordinary steps to
> keep your box safe :-). Then do some reading to find out how to
> overcome all those audit/avc entries in your system log.
And to do that, set the following in /etc/sysconfig/selinux...
SELINUX=permissive
More information about the PLUG
mailing list