Forum: Cfengine Help Subject: CFEngine in co-existance with SELINUX Author: debheller Link to topic: https://cfengine.com/forum/read.php?3,22644,22644#msg-22644
Question: Has anyone here been able to adequately tame selinux that is in permissive & targeted mode such that cfengine processes are not constantly getting flagged by selinux? I could run a lot of sealert commands, but I'd rather do this pro-actively, and not after the fact. Admittedly, I don't fully understand the nuances of selinux, so consider this a noob question... :-) We've got a number of Fedora Core14 (soon to be FC15) hosts. By default, we have them run with selinux set to permissive & targeted mode. In releases of FC13 and above, the system records a LOT of alert messages in /var/log/messages, things like: Jun 28 11:26:41 toolshed setroubleshoot: SELinux is preventing /var/cfengine/bin/cf-twin from \ using the execstack access on a process. For complete SELinux messages.\ run sealert -l 728e7b95-0be9-441d-982b-645f7e81f5f2 Kinda scary, since permissive mode shouldn't be "preventing" anything, eh? Am I looking at this wrong? _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
