Explain the differences between enforcing, permissive, and disabled mode.
How would you temporarily switch between enforcing and permissive mode?
Why don't we need to add ordinary unprivileged users to the policy via the local.users files?
Change a Boolean value. Make sure the change will be preserved.
Create a new user account system administrator named joe that may su into the privileged root account with administrator privilege.
Given the following audit message, write a corresponding allow rule that would allow the denied access in the future:
type=AVC msg=audit(1129843356.666:28947): avc: denied { read } for pid=1730 comm="grep" name=ifcfg-lo dev=dm-0 ino=1243093 scontext =system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t tclass=file
Use restorecon to check the file labels for all files and directories in /etc/. How would you change the command to restore any labels that do not match the file context files?
