by tremon 1519 days ago
The article author is Testing in PROD

When you acknowledge this, then continuing your advice with

  setenforce 0

is a spectacularly bad idea. You can make individual domains permissive using

  semanage permissive -a ${context}

and then run the failing test using only that permissive domain.

Of course, the story becomes much more complicated if the failing test requires type transitions -- but blanket advising people to put an entire PROD system in permissive mode is not a good idea.
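An added example, not part of the comment above: a shell helper that summarises AVC denials per source domain, so you can see whether one permissive domain covers the failing test or whether a type transition leaves a second domain still enforced. The domains `myapp_t` and `myapp_helper_t` and the audit records are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AVC denials per source domain, to check that a
# single permissive domain really covers the failing test.

# Constructed audit records (hypothetical myapp_t / myapp_helper_t domains).
# myapp_t was made permissive; myapp_helper_t is entered by a type
# transition and is still enforced.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1600000000.101:410): avc:  denied  { read } for  pid=2101 comm="myapp" name="app.conf" dev="dm-0" ino=5501 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file permissive=1
type=AVC msg=audit(1600000000.140:411): avc:  denied  { name_connect } for  pid=2101 comm="myapp" dest=5432 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1600000000.300:412): avc:  denied  { write } for  pid=2117 comm="myapp-helper" name="cache" dev="dm-0" ino=5570 scontext=system_u:system_r:myapp_helper_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1600000000.300:412): arch=c000003e syscall=257 success=no exit=-13 comm="myapp-helper"
EOF
}

# Read audit records on stdin. For each source domain print
# "<type> blocked=<n> logged=<m>": blocked = denied while enforced
# (permissive=0), logged = denied but allowed through (permissive=1).
denials_by_domain() {
    awk '
    /avc:[ ]+denied/ {
        dom = ""; perm = "0"
        for (i = 1; i <= NF; i++) {
            # scontext is user:role:type:level, so the type is field 3
            if ($i ~ /^scontext=/)   { split($i, c, ":"); dom = c[3] }
            if ($i ~ /^permissive=/) { perm = substr($i, 12) }
        }
        if (dom == "") next
        seen[dom] = 1
        if (perm == "1") logged[dom]++; else blocked[dom]++
    }
    END {
        for (d in seen)
            printf "%s blocked=%d logged=%d\n", d, blocked[d], logged[d]
    }' | LC_ALL=C sort
}

# Domains that still had accesses blocked, i.e. not covered by the
# permissive domain (for instance one reached through a type transition).
still_enforced() {
    denials_by_domain | awk '$2 != "blocked=0" { print $1 }'
}

# On a real host, as root (myapp_t is a placeholder domain):
#   semanage permissive -a myapp_t
#   ...run the failing test...
#   ausearch -m AVC -ts recent | still_enforced
#   semanage permissive -d myapp_t
```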

1 comments

Agreed on all points. Sometimes the problem is so elusive that it's flipping it to `0` time!