How best get rid of SELinux?

Beartooth Beartooth at swva.net
Thu Sep 20 16:29:05 UTC 2007


On Thu, 20 Sep 2007 21:31:51 +0530, Rahul Sundaram wrote:


> It shouldn't cause any trouble if you set to permissive mode. Can you
> explain what problems you are having?

	I've just recently deleted a bunch of its incomprehensible 
reportage from the machine I'm on at the moment; this has come in since 
(with my apologies for what c&p does to the formatting) :  

Summary
SELinux is preventing semodule (semanage_t) "getattr" to / (fs_t).

Detailed Description
SELinux denied access requested by semodule. It is not expected that this
access is required by semodule and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see FAQ Or
you can disable SELinux protection altogether. Disabling SELinux protection
is not recommended. Please file a bug report against this package.

Additional Information
Source Context:  user_u:system_r:semanage_t
Target Context:  system_u:object_r:fs_t
Target Objects:  / [ filesystem ]
Affected RPM Packages:  filesystem-2.4.6-1.fc7 [target]
Policy RPM:  selinux-policy-2.6.4-38.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  plugins.catchall
Host Name:  localhost.localdomain
Platform:  Linux localhost.localdomain 2.6.22.4-65.fc7 #1 SMP Tue Aug 21 22:36:56 EDT 2007 i686 athlon
Alert Count:  1
First Seen:  Wed 05 Sep 2007 09:37:21 AM EDT
Last Seen:  Wed 05 Sep 2007 09:37:21 AM EDT
Local ID:  fb994b74-5944-49d4-836b-f9011476aec6
Line Numbers:

Raw Audit Messages :
avc: denied { getattr } for comm="semodule" dev=dm-0 name="/" pid=28412 scontext=user_u:system_r:semanage_t:s0 tclass=filesystem tcontext=system_u:object_r:fs_t:s0

	Quite commonly, along with all the stuff that would take me 
years of study (years I don't have) to understand, I get either a 
recommendation to run some command ending in "reboot," which is very 
tiresome to do, and also takes inordinate time. Or else it asks for a bug 
report, which I am not competent to write, nor do I have time for it.
 
> Run the following command as root to verify the mode
> 
> # getenforce

	I get this, on all three machines that live on my desk : 

[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# 

> 
> Can I just command "yum remove selinux"?
> 
> SELinux is not a single package. You can remove the policy files but the
> SELinux library is used by many core packages and cannot be removed
> easily. See previous discussions in this list in the archives for more
> details.

	More details? I'm already drowning in details meaningless to me!

-- 
Beartooth Staffwright, PhD, Neo-Redneck Linux Convert
Remember I know precious little of what I am talking about.



