On 12/04/2015 06:37 AM, Cowboy wrote:
And I don't disagree with anything you wrote, but there is no heads-up warning that SELinux is ENFORCING as shipped. Things just silently fail to work. Once you know, it's OK.
This was true with CentOS 6, too. For that matter, I'm trying to remember the last CentOS release that didn't have SELinux in Enforcing (targeted) mode by default..... to the best of my recollection, CentOS 4 shipped with Enforcing as the default, but that's been quite a while ago, and even then I started out with WBEL 4 and 'cross-graded' to CentOS 4 using yum.
With 6 you got an AVC denial to the desktop; I haven't yet experienced one with 7 so I can't comment on whether it sends it straight to the desktop or not.
Just trying to save some folks the grief I've already suffered.
Oh, I appreciate that, for sure. I would just say that a blanket 'disable SELinux' is maybe the wrong advice to give, that's all. But, then again, I do IT for a living; as a radio engineer doing IT as a secondary thing perhaps 'disabling' is the correct advice. But my experience is that if someone is able to follow the 'disable' advice that same someone is likely able to follow a 'permissive' mode advice which has less steps to do when or if you want to go back to 'enforcing' mode once you've learned more about why you would want to have SELinux in the first place. Just my opinion, though.
_______________________________________________ Rivendell-dev mailing list [email protected] http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
