[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



On Thu, 20 Sep 2007 23:49:41 -0400, David Boles wrote:

[....] 
> This way is, IMO, the crude way to do this. Turn SELinux off, if you
> chose to do so, in the SELinux configuration file.
> 
> /etc/selinux/config
> 
> change SELINUX=enforcing
> 
> to SELINUX=disabled

	Here's an interesting discovery. On a machine where I haven't 
touched selinux since installing F7, I get this : 

[root localhost btth]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0 
[root localhost btth]#

	Note that it says "targeted"  -- typically, without giving me any 
faintest hint at what. The same file on the machine I disabled selinux 
from yesterday is the same except for "disabled" instead of "permissive."

	I *hope* targeted makes no difference so long as selinux is 
disabled. But that doesn't tell me what is targeted on the other 
machines, nor whether the default choices fit my kind of situation. (If 
they do, I'll take it on faith that they're well chosen.)

-- 
Beartooth Staffwright, PhD, Neo-Redneck Linux Convert
Remember I know precious little of what I am talking about.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]