On Fri, Jul 12, 2013 at 02:38:33PM -0400, Drew from Zhrodague wrote: > > It is an excellent solution for those of us who want our stuff to > work, without having to fight with SELinux. I always disable > SELinux.
Again, not a solution.
Management of selinux is trivial these days with a wealth of information
to assist in doing so available at your fingertips on the web. This
type of behavior is dangerous and admins should be ashamed that they
believe this to be a 'solution'; learn to use the tools available:
setenforce 0 # drop to permissive
load_policy # create reset point to assist in isolation of avcs
# go through all motions to trigger all actions that need to be allowed
audit2allow -M $module_name -l -i /var/log/audit/audit.log # build module
setenforce 1 # restore enforcing
less $module_name.te # inspect the module, salt to taste
semodule -v -i $module_name.pp # load it
profit
$module_name is an arbitrary name of your choosing. Full documentation is
available for everything above.
John
--
"Worry never robs tomorrow of its sorrow, it only saps today of its joy."
~~ Leo Buscaglia
pgpg6KJmB9tbM.pgp
Description: PGP signature
