On Wed, Mar 13, 2013 at 10:02:16AM -0500, gregrwm wrote: > so far i have remained blissfully ignorant of selinux, since thus far > openvz can't use it anyway. > > i see now echo 0>|/selinux/enforce no longer disables selinux on the newest > centos6. before i had that worked out i was wondering why restart sshd was > responding "/etc/ssh/sshd_config: Permission denied". yes i have replaced > /etc/ssh/sshd_config. > > but i'm still befuzzled. why was plain "/usr/sbin/sshd" able to start it > just fine (even before i managed to disable selinux!)? It is possible that your act of replacing of /etc/ssh/sshd_config temporarily changed the label on the file /etc/ssh/sshd_config and when you started sshd as root, you just ran the daemon in the default unconstrained domain. If you want to start sshd properly under SELinux you need to use: run_init service sshd start > i'll be glad to learn from your responses, other than that all i'm going to > learn today is the new way to disable selinux (setenforce 0) (and of course > selinux=0 in grub.conf). Cheers, florin -- Sent from my other microwave oven. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20130313/d56f2a79/attachment.pgp>