[PLUG] SELinux And setenforce

Matt Alexander lowbassman at gmail.com
Sun Jan 22 08:27:09 PST 2006


Paul Heinlein wrote:
> On Sun, 22 Jan 2006, Jason Van Cleve wrote:
>
>> I have this Fedora 4 server, and I'm trying to use CVS in pserver 
>> mode.  But I get a lame file permissions error, evidently because of 
>> SELinux enforcement.  I read I can "setenforce 0" to overcome this, 
>> but is this a bad idea?  I don't have much of a brain for subtle 
>> security issues, but is there a significant risk, for my lonely 
>> little server?  The setenforce man page just says it puts "SELinux in 
>> enforcing mode".  Is that something I really need?
>
> It can take a *lot* of time to tune selinux policies to suit local 
> needs. If you need to get your server running right now, I'd put 
> selinux in audit-only mode (while taking all the ordinary steps to 
> keep your box safe :-). Then do some reading to find out how to 
> overcome all those audit/avc entries in your system log.


And to do that, set the following in /etc/sysconfig/selinux...

SELINUX=permissive






More information about the PLUG mailing list