On Thu, 27 May 2004 08:16:03 Stephen Smalley wrote:
If you didn't enable SELinux at install time, then you'll need to install a policy (yum install policy policy-sources), create or edit /etc/sysconfig/selinux and set SELINUX=permissive in it, and relabel your filesystems (via fixfiles relabel). Once you get your filesystems labeled and have verified that you can boot without avc denials in your logs, you can set SELINUX=enforcing in /etc/sysconfig/selinux.
I really didn't enable SELinux at install time. Then, I had a try to enable SELinx on my FC2 according to what you said. On my FC2,there was no policy-sources RPM package installed by default. Then I wanted to install the package. but there was something wrong when I using 'yum install policy-sources'. Below is what came on my screen:
[root@localhost RPMS]# yum install policy-sources Gathering header information file(s) from server(s) Server: Fedora Core 2 - i386 - Base retrygrab() failed for: http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/he... .info Executing failover method failover: out of servers to try Error getting file http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/he... .info [Errno 4] IOError: <urlopen error >
I wonder what's wrong? and here can I use 'rpm -Uvh' to install the package instead of using 'yum install policy-sources'.
And there is another question: In 'Fedora Core 2 SELinux FAQ', it said: Q:. How do I temporarily turn off enforcing mode without having to reboot? A:. This situation usually arises when you can't perform an action that is being prevented by policy. Run the command setenforce 0 to turn off enforcing mode in real time. When you are finished, run setenforce 1 to turn enforcing back on
Then, my question is: "can we still run 'echo 1 > /selinux/enforce' program to switch into enforcing mode. and switch back to permissive mode with 'echo 0 > /selinux/enforce'.
Thank you very much!
Sincerely yours, Park Lee 2004-06-03
--------------------------------- Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger
On Wed, 2004-06-02 at 14:55, park lee wrote:
[root@localhost RPMS]# yum install policy-sources Gathering header information file(s) from server(s) Server: Fedora Core 2 - i386 - Base retrygrab() failed for: http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/he... .info Executing failover method failover: out of servers to try Error getting file http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/he... .info [Errno 4] IOError: <urlopen error > I wonder what's wrong? and here can I use 'rpm -Uvh' to install the package instead of using 'yum install policy-sources'.
Add some mirrors to /etc/yum.conf; look at http://fedora.redhat.com/download/mirrors.html and select several that are near you. For example, you might have:
[development] name=Fedora Core $releasever - Development Tree baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/development/$basearc... http://ftp.dulug.duke.edu/pub/fedora/linux/core/development/$basearch/ ftp://ftp.dulug.duke.edu/pub/fedora/linux/core/development/$basearch/ ftp://ftp.linux.ncsu.edu/pub/fedora/linux/core/development/$basearch/ ftp://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/core/development/$basearch/ http://distro.ibiblio.org/pub/linux/distributions/fedora/linux/core/developm...
But replace the URLS with mirrors that are close to you.
Then, my question is: "can we still run 'echo 1 > /selinux/enforce' program to switch into enforcing mode. and switch back to permissive mode with 'echo 0 > /selinux/enforce'.
Yes, setenforce is just a utility that does the same thing. The advantage of using setenforce rather than directly writing to /selinux/enforce is that if we change the mount point for selinuxfs, setenforce will automtically pick up the new location (via libselinux).
On Thu, 2004-06-03 at 09:00, Stephen Smalley wrote:
[development] name=Fedora Core $releasever - Development Tree baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/development/$basearc... http://ftp.dulug.duke.edu/pub/fedora/linux/core/development/$basearch/ ftp://ftp.dulug.duke.edu/pub/fedora/linux/core/development/$basearch/ ftp://ftp.linux.ncsu.edu/pub/fedora/linux/core/development/$basearch/ ftp://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/core/development/$basearch/ http://distro.ibiblio.org/pub/linux/distributions/fedora/linux/core/developm...
But replace the URLS with mirrors that are close to you.
Oops, sorry - you don't want the above unless you want to follow the development tree (i.e. the bleeding edge). You just want to add mirrors to your base and updates-released entries in yum.conf. Same idea.
selinux@lists.fedoraproject.org