Bug 1418161 - Link to Selinux tutorial on setenforce 0.
Summary: Link to Selinux tutorial on setenforce 0.
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libselinux
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: BaseOS QE Security Team
Depends On:
TreeView+ depends on / blocked
Reported: 2017-02-01 04:15 UTC by Wade Mealing
Modified: 2017-03-06 11:42 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-03-06 11:42:51 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Wade Mealing 2017-02-01 04:15:18 UTC
Description of problem:

When running setenforce 0, perhaps include a link on stdout to a blog entry on kcs.

Perhaps a gentle introduction about how to relabel or chcon or containerize applications.

Current behavior:

# setenforce 0

Expected Behavior:

# setenforce 0
 - You may not need to disable SELinux, please visit:
 - http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf
 - Selinux has been disabled.


^ The above should be html instead of pdf, maybe its around, but that was a decent one I found.

Comment 2 Petr Lautrbach 2017-03-06 11:42:51 UTC
Thanks for the idea. It could be useful but setenforce is not used only on command line but it's also used in scripts and tools and since it could break some existing setups we can't  change it in RHEL-7.

It would need to be discussed upstream -  selinux@tycho.nsa.gov  - and applied in Fedora first - https://bugzilla.redhat.com/show_bug.cgi?id=1290008

Note You need to log in before you can comment on or make changes to this bug.