On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote: > It shouldn't cause any trouble if you set to permissive mode. Can you > explain what problems you are having? I've just recently deleted a bunch of its incomprehensible reportage from the machine I'm on at the moment; this has come in since (with my apologies for what c&p does to the formatting) : SummarySELinux is preventing semodule (semanage_t) "getattr" to / (fs_t).Detailed DescriptionSELinux denied access requested by semodule. It is not expected that this access is required by semodule and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.Allowing AccessYou can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.Additional InformationSource Context: user_u:system_r:semanage_tTarget Context: system_u:object_r:fs_tTarget Objects: / [ filesystem ]Affected RPM Packages: filesystem-2.4.6-1.fc7 [target]Policy RPM: selinux- policy-2.6.4-38.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: PermissivePlugin Name: plugins.catchallHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.22.4-65.fc7 #1 SMP Tue Aug 21 22:36:56 EDT 2007 i686 athlon Alert Count: 1First Seen: Wed 05 Sep 2007 09:37:21 AM EDTLast Seen: Wed 05 Sep 2007 09:37:21 AM EDTLocal ID: fb994b74-5944-49d4-836b- f9011476aec6Line Numbers: Raw Audit Messages :avc: denied { getattr } for comm="semodule" dev=dm-0 name="/" pid=28412 scontext=user_u:system_r:semanage_t:s0 tclass=filesystem tcontext=system_u:object_r:fs_t:s0 Quite commmonly, along with all the stuff that would take me years of study (years I don't have) to understand, I get either a recommendation to run some command ending in "reboot," which is very tiresome to do, and also takes inordinate time. Or else it asks for a bug report, which I am not competent to write, nor do I have time for it. > Run the following command as root to verify the mode > > # getenforce I get this, on all three machines that live on my desk : [root@localhost ~]# getenforce Permissive [root@localhost ~]# > > Can I just command "yum remove selinux"? > > SELinux is not a single package. You can remove the policy files but the > SELinux library is used by many core packages and cannot be removed > easily. See previous discussions in this list in the archives for more > details. More details? I'm already drowning in details meaningless to me! -- Beartooth Staffwright, PhD, Neo-Redneck Linux Convert Remember I know precious little of what I am talking about.