SELinux Understanding
Claude Jones
cjones at levitjames.com
Mon Oct 15 17:57:11 UTC 2007
On Monday October 15 2007 1:35:17 pm Nigel Henry wrote:
> but as
> re-enabling SELinux, in either permissive, or enforcing mode
> results in the relabelling process being run, it's almost
> impossible to know if the relabelling has resolved a genuine
> problem or not.
This is where you're mistaken. It's perfectly possible to set
permissive and enforcing modes, without relabeling - relabeling
is only forced after some updates, and that not very often -
perhaps, this is something that should be addressed. Perhaps a
warning message when you turn on enforcing, with instructions to
relabel if you've run in permissive mode for some period of
time...
--
Claude Jones
Brunswick, MD, USA
More information about the users
mailing list