SELinux Understanding
Tim
ignored_mailbox at yahoo.com.au
Thu Oct 18 04:45:40 UTC 2007
On Mon, 2007-10-15 at 13:57 -0400, Claude Jones wrote:
> It's perfectly possible to set permissive and enforcing modes, without
> relabeling - relabeling is only forced after some updates, and that
> not very often - perhaps, this is something that should be addressed.
> Perhaps a warning message when you turn on enforcing, with
> instructions to relabel if you've run in permissive mode for some
> period of time...
I don't see why you'll ever need to relabel when switching between those
two modes, faults notwithstanding. SELinux is still running, in either
mode, and contexts should still be being set.
On the other hand, switching between disabled and either of those
enabled modes, is another matter.
--
[tim at bigblack ~]$ uname -ipr
2.6.22.9-91.fc7 i686 i386
Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
More information about the users
mailing list