It seems that restorecon -Rv / would do the trick, thanks
On 10/24/2014 08:15 PM, Yusuf Hadiwinata wrote:
Hi
You need to know the right security context and use semanage fcontext -t http_sys_content_t '/var/www/myweb' and run restoreconf for example
It is doubtful disabling modules will not make SELinux run faster.
You could have done something like
find / -context="*:unlabeled_t:*" -print0 | restorecon -f - -0
But
restorecon -R /
Would also work.
On 10/24/2014 01:27 PM, george karakou wrote:
It seems that restorecon -Rv / would do the trick, thanks
On 10/24/2014 08:15 PM, Yusuf Hadiwinata wrote:
Hi
You need to know the right security context and use semanage fcontext -t http_sys_content_t '/var/www/myweb' and run restoreconf for example
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
I disabled modules that i will never need. For example docker,cobbler and others from contrib. I thought that if the selinux engine would have to parse 1000 allow rules for every call parsing 800 would provide a faster decision. The rest would be denied. Anyway restorecon was the solution. Now i think it might be a good idea to run a weekly/monthly cronjob and have restorecon in it. I just cant remember when was the last time i run the command. It must have been over a year. Thanks
On 10/24/2014 08:41 PM, Daniel J Walsh wrote:
It is doubtful disabling modules will not make SELinux run faster.
You could have done something like
find / -context="*:unlabeled_t:*" -print0 | restorecon -f - -0
But
restorecon -R /
Would also work.
On 10/24/2014 01:27 PM, george karakou wrote:
It seems that restorecon -Rv / would do the trick, thanks
On 10/24/2014 08:15 PM, Yusuf Hadiwinata wrote:
Hi
You need to know the right security context and use semanage fcontext -t http_sys_content_t '/var/www/myweb' and run restoreconf for example
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 10/25/2014 03:32 AM, george karakou wrote:
I disabled modules that i will never need. For example docker,cobbler and others from contrib. I thought that if the selinux engine would have to parse 1000 allow rules for every call parsing 800 would provide a faster decision. The rest would be denied. Anyway restorecon was the solution. Now i think it might be a good idea to run a weekly/monthly cronjob and have restorecon in it. I just cant remember when was the last time i run the command. It must have been over a year. Thanks
Well SELinux is highly optimized for reading the rules, so the first time it looks up an access decision it is cached and never looked up again (Unless the policy changes). Removing a few thousand rules is probably not going to be measurably faster. But you will save some kernel memory.
On 10/24/2014 08:41 PM, Daniel J Walsh wrote:
It is doubtful disabling modules will not make SELinux run faster.
You could have done something like
find / -context="*:unlabeled_t:*" -print0 | restorecon -f - -0
But
restorecon -R /
Would also work.
On 10/24/2014 01:27 PM, george karakou wrote:
It seems that restorecon -Rv / would do the trick, thanks
On 10/24/2014 08:15 PM, Yusuf Hadiwinata wrote:
Hi
You need to know the right security context and use semanage fcontext -t http_sys_content_t '/var/www/myweb' and run restoreconf for example
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
selinux@lists.fedoraproject.org
-
Daniel J Walsh -
George Karakougioumtzis