Description of change/FAQ addition.  If a change, include the original 
text first, then the changed text: 
 
Please preface the following text with the string "if you are using strict 
policy".  Targeted policy has no need for running newrole. 
 
sysadm_r role required 
 You must issue the setenforce command with the sysadm_r role; to do so, use 
the newrole command. Alternately, if you switch to root using su -, you gain 
the sysadm_r role automatically. 
 
In FC4 there is now an answer to the following question.  Steve Grubb would be 
the best person to provide it. 
How do I temporarily turn off system-call auditing without having to reboot? 
 
 
Please replace this: 
For example, if an application running under an enforcing mode was denied 
trying to read a number of files in a directory, it would be stopped once at 
the beginning of the action. In a non-enforcing mode, the application is not 
stopped from traversing the directory tree, and would receive a denial message 
for each file read in the directory. 
With this: 
For example, if an application running under an enforcing mode was denied 
trying to read a directory. In a non-enforcing mode, the application is not 
stopped from traversing the directory tree, and would receive a denial message 
for each file read in the directory. 
 
 
We need a new question: 
Q) When my machine has wrong values for the security contexts of important 
files how do I recover it? 
A) You can create the file /.autorelabel and then reboot the machine for a 
file relabel on boot.  If the machine is not in a state to allow booting or 
logging in (so you can't create the file) then you can boot and put 
"autorelabel" on the boot command-line.  Note that the machine may need to be 
booted with "enforcing=0" to work in the case of system boot scripts with the 
wrong security context.