selinux eradicator?

David Boles dgboles at
Thu Jun 28 23:14:25 UTC 2007

on 6/28/2007 3:13 PM, Karl Larsen wrote:
> Matthew J. Roth wrote:
>> Karl Larsen wrote:
>>> This tells me that init is running a selinux demon and I know how to 
>>> stop that I think. I looked at /etc/rc.d/init.d/ but no selinux 
>>> switch. So I ask where in hell is it?
>>> [root at k5d init.d]# whereis selinux
>>> selinux: /etc/selinux /usr/include/selinux /usr/share/selinux 
>>> /usr/share/man/man8/selinux.8.gz
>>> [root at k5d init.d]#
>>> So there is some reading that needs doing.
>> Karl,
>> The SELinux settings are contained in "/etc/sysconfig/selinux".  I 
>> have SELinux disabled, and the file looks like this:
>> [root at server ~]# cat /etc/sysconfig/selinux
>> # This file controls the state of SELinux on the system.
>> # SELINUX= can take one of these three values:
>> #       enforcing - SELinux security policy is enforced.
>> #       permissive - SELinux prints warnings instead of enforcing.
>> #       disabled - SELinux is fully disabled.
>> SELINUX=disabled
>> # SELINUXTYPE= type of policy in use. Possible values are:
>> #       targeted - Only targeted network daemons are protected.
>> #       strict - Full SELinux protection.
>> SELINUXTYPE=targeted
>> Note that any changes to this file require a reboot to take affect.  
>> "sestatus" can then be used to verify the change:
>> [root at server ~]# sestatus
>> SELinux status:         disabled
>> Matthew Roth
>> InterMedia Marketing Solutions
>> Software Engineer and Systems Developer
> Boy! What a gold mine of information! No reason for anyone to complain 
> about selinux any more. I did what is above and it was easy with the joe 
> editor. But I need to set it to put the original in /tmp/ :-)    I'm 
> tired of rm *~ which works but geeze.
> Then a reboot and a test:
> [root at k5d ~]# sestatus
> SELinux status:                 disabled
> [root at k5d ~]#
> So I can't complain about it again. It sure was a lot less obvious in FC4.
> Karl

Good for you!!!!

What you just did was something like:

Build a house.
Put everything valuable that you own into it.
Disable all of the locks.
Open all of the windows and doors.

And then walk away.

Makes it really easy for the 'bad guys' to steal, or break, your stuff.
Like that guy at the University that you mentioned earlier.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the fedora-list mailing list