[ovirt-users] failing update ovirt-engine on centos 7
Fabrice Bacchella
fabrice.bacchella at icloud.com
Mon May 30 13:22:16 UTC 2016
> Le 30 mai 2016 à 15:01, Michal Skrivanek <michal.skrivanek at redhat.com> a écrit :
>
>
>> On 30 May 2016, at 14:57, Fabrice Bacchella <fabrice.bacchella at orange.fr> wrote:
>>
>>>
>>> Running with selinux disabled is not recommended nor supported.
>>> It should be easy to skip over that problem, but in general this is not something you should hit in normal environment
>>
>> That's very theorical recommandation. selinux is very very often disabled, because nobody really understand it.
>
> It is not theoretical, it’s mandatory. there is an assumption it is enabled, after bare OS installation it is enabled, so when you disable it it is an explicit decision done by the admin for some reason. What did you find not working? Did you really encounter anything not being solved by setting Permissive mode instead disabling completely?
>
What's the purpose of permissive ? if everything is allowed, what selinux is good for ? Instead of having something that run doing nothing, I shutdown it, and selinux is part of that generic policy.
What is a bad practice is switching selinux on and off. So my installation setup is done with selinux down and stay so for the whole server life of the server.
I never met a product that requisite selinux.
And more, I just have a look at your administration guide (http://www.ovirt.org/documentation/admin-guide/administration-guide/) and quickstart guide (http://www.ovirt.org/documentation/quickstart/quickstart-guide/). selinux is never declared as mandatory. There is just a few tips about the problem that one can have with selinux.
More information about the Users
mailing list