Stopping SELinux
Ivan Gyurdiev
ivg2 at cornell.edu
Fri Jan 13 23:58:20 UTC 2006
Ivan Gyurdiev wrote:
> Timothy Murphy wrote:
>> Sorry to be a bore,
>> but how does one stop selinux running?
>> Is it sufficient to set "SELINUX=disabled"
>> in /etc/selinux/config ?
>>
>> [I'm afraid since I started running selinux
>> I've been having problems with my WiFi network -
>> quite likely nothing to do with SELinux,
>> but all the same I'd like to make sure it is not running
>> during diagnostics.
>> I have made the setting above,
>> but still seem to get messages about selinux in /var/log/messages .
>> Is there any process I should kill ?]
>>
> To stop selinux completely, that should be sufficient (I think), or
> you can pass selinux=0 to the kernel.
> In either case, you need to reboot the machine. To debug problems with
> selinux, however, you should run it in permissive mode, which disables
> enforcement, but keeps selinux running, and logging any errors.
> Otherwise, any files created while selinux is off will have no
> security context, and you'll need to relabel afterwards to fix your
> machine. You can change enforcing status permanently by editing
> /etc/selinux/config (or with system-config-securitylevel, or by
> passing enforcing=0 to kernel). You can also use /usr/sbin/setenforce,
> which changes the current enforcing status, without making it
> permanent (does not need a reboot). You can use /usr/sbin/getenforce
> to check if it worked.
And no, there is no process to kill, since selinux is in the kernel -
that's why you have to reboot the machine to turn it off, and pass the
proper parameters to the kernel.
More information about the fedora-selinux-list
mailing list