On Friday 21 September 2007, Andy Green wrote: >Somebody in the thread at some point said: >> On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote: >>> It shouldn't cause any trouble if you set to permissive mode. Can you >>> explain what problems you are having? >> >> I've just recently deleted a bunch of its incomprehensible >> reportage from the machine I'm on at the moment; this has come in since >> (with my apologies for what c&p does to the formatting) : > >Just to be clear, that is what "permissive" does... it lets you know >what selinux wouldn't've let through, but lets it through anyway. So >these error messages represent a passive opinion from selinux about what > it didn't like (but did nothing to prevent). So selinux is only to >blame for filling your logs, not any other badness while in permissive. > >IMO it is better to make selinux happy, if possible without causing a >heart attack, than to disable it. Why not start with > ># touch /.autorelabel > >and a reboot. This will make sure your files have the right selinux >label, the cause of many problems. > >-Andy With all due respect Andy, I probably did that 6 or 7 times. Not once did it actually fix a problem. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Never explain. Your friends do not need it and your enemies will never believe you anyway. -- Elbert Hubbard