Cannot print to file in Fedora
Paul Howarth
paul at city-fan.org
Tue Mar 11 16:22:21 UTC 2008
Jóhann B. Guðmundsson wrote:
> Matej Cepl wrote:
>> On 2008-03-11, 10:38 GMT, Jóhann B. Guðmundsson wrote:
>>
>>> You do so by open a termina and run
>>> echo 0 > /selinux/enforce
>>>
>>
>> You do so by opening a terminal and run (as root, of course):
>>
>> setenforce 0
>>
>> Matěj
>>
>>
> What both Matej and Tim forget to mention is
> the fact that by running setenforce 0 command
> it will change your selinux configuration settings permanently to
> permissive
No, it doesn't. You need to change /etc/sysconfig/selinux to achieve
that, and just using setenforce will not alter that file.
> hence on next reboot your selinux would be running in permissive mode
> instead of enforcing mode and leave your computer less secure...
>
> While running echo 0 > /selinux/enforce command will only
> change the selinux configuration until next reboot instead of changing the
> settings/configuration it was set on to begin with, which is both better
> suited to deal with isolated insistents and securer encase you would forget
> to set selinux back to enforcing mode.
I agree that staying in permissive mode for the shortest possible time
is the right approach though. But using "setenforce" is the easiest way
to achieve that.
> If you would like to set selinux back to enforcing you can change the 0
> to 1
> in both commands.
Agreed.
Paul.
More information about the devel
mailing list