Anybody understand SELinux?

Jason Azze jason at
Fri Dec 23 21:17:07 UTC 2016

My SELinux is very rusty.

To find your current SELinux setting:

To set it to Permissive mode in order to use Achim's suggestion for
log checking:
setenforce Permissive

This change won't persist across reboots.

To change the context of the file, try:

chcon -t system_u ntp.conf

It's at this point that I usually give up and disable SELinux. :-)

On Fri, Dec 23, 2016 at 2:59 PM, Hal Murray <hmurray at> wrote:
> Stromeko at Nexgo.DE said:
>>  From what you've been showing I think the config file needs to be in  the
>> system_u context in order for logrotate to not pick up any files  that may
>> have been dropped into the directory maliciously.
> Thanks.  That sounds right, but what do I type to make it happen?  The whole
> area of files having a security context (I think that's the right term) is
> something I don't know anything about.  Is there a HOWTO type document for
> things like this?
> I want to put a comment in the top of the file that says roughly:
> if you run SELinux, you need to do:
>   what goes here?
> For more info see xxx
> --
> These are my opinions.  I hate spam.
> _______________________________________________
> devel mailing list
> devel at

More information about the devel mailing list