Description of change/FAQ addition. If a change, include the original text first, then the changed text:

Please preface the following text with the string "if you are using strict policy". Targeted policy has no need for running newrole.

sysadm_r role required

You must issue the setenforce command with the sysadm_r role; to do so, use the newrole command. Alternately, if you switch to root using su -, you gain the sysadm_r role automatically.

In FC4 there is now an answer to the following question. Steve Grubb would be the best person to provide it.

How do I temporarily turn off system-call auditing without having to reboot?

Please replace this:

For example, if an application running under an enforcing mode was denied trying to read a number of files in a directory, it would be stopped once at the beginning of the action. In a non-enforcing mode, the application is not stopped from traversing the directory tree, and would receive a denial message for each file read in the directory.

With this:

For example, if an application running under an enforcing mode was denied trying to read a directory. In a non-enforcing mode, the application is not stopped from traversing the directory tree, and would receive a denial message for each file read in the directory.

We need a new question:

Q) When my machine has wrong values for the security contexts of important files how do I recover it?

A) You can create the file /.autorelabel and then reboot the machine for a file relabel on boot. If the machine is not in a state to allow booting or logging in (so you can't create the file) then you can boot and put "autorelabel" on the boot command-line. Note that the machine may need to be booted with "enforcing=0" to work in the case of system boot scripts with the wrong security context.
If you are wanting to turn off syscall auditing, you delete the rules. That is auditctl -D. No rules, no auditing. You can see the rules by auditctl -l. This does not affect SE Linux though. If you want to turn off the whole audit system then auditctl -e 0 will do it. -e 1 turns it back on.
The FC3 version of the SELinux FAQ is no longer being maintained. I am closing this ancient bug.

FYI: There is an FC5 FAQ at http://docs.fedoraproject.org/selinux-faq/ and a list of proposed updates in the wiki at https://fedoraproject.org/wiki/SELinux/FAQ/ProposedAdditions

Additional FAQ work will likely remain in the wiki, but there is also an F10 SELinux Users Guide: http://docs.fedoraproject.org/selinux-user-guide/