SELinux management
From TBwiki
(Difference between revisions)
(fix format) |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 14: | Line 14: | ||
Policy from config file: targeted | Policy from config file: targeted | ||
| + | <br> | ||
== How to disable SELinux<br> == | == How to disable SELinux<br> == | ||
| − | === | + | === Set SELinux to permissive (not truly disabled)<br> === |
setenforce 0 | setenforce 0 | ||
| − | |||
| − | |||
<br> | <br> | ||
| − | === Disable SELinux | + | === Disable SELinux entirely<br> === |
Edit the file:<br> | Edit the file:<br> | ||
| − | vi /etc/selinux/config | + | vi /etc/selinux/config |
Set the line to SELINUX=disabled <br> | Set the line to SELINUX=disabled <br> | ||
| Line 38: | Line 37: | ||
# permissive - SELinux prints warnings instead of enforcing. | # permissive - SELinux prints warnings instead of enforcing. | ||
# disabled - SELinux is fully disabled. | # disabled - SELinux is fully disabled. | ||
| − | SELINUX=disabled | + | SELINUX=disabled <------ Line to modify |
# SELINUXTYPE= type of policy in use. Possible values are: | # SELINUXTYPE= type of policy in use. Possible values are: | ||
# targeted - Only targeted network daemons are protected. | # targeted - Only targeted network daemons are protected. | ||
# strict - Full SELinux protection. | # strict - Full SELinux protection. | ||
SELINUXTYPE=targeted | SELINUXTYPE=targeted | ||
| + | |||
| + | Reboot or use the setenforce command:<br> | ||
| + | <pre>shutdown -r now | ||
| + | or | ||
| + | setenforce 0 | ||
| + | </pre> | ||
Latest revision as of 07:46, 22 July 2011
Contents |
How to get SELinux status
The following command will retreive the SELinux status of your system (output may vary):
sestatus
exemple from CentOS 5.3
SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: permissive Policy version: 21 Policy from config file: targeted
How to disable SELinux
Set SELinux to permissive (not truly disabled)
setenforce 0
Disable SELinux entirely
Edit the file:
vi /etc/selinux/config
Set the line to SELINUX=disabled
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled <------ Line to modify # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted
Reboot or use the setenforce command:
shutdown -r now or setenforce 0
