disabling selinux entirely

Stephen Smalley sds at tycho.nsa.gov
Wed Jan 7 16:29:51 UTC 2009


On Wed, 2009-01-07 at 11:25 -0500, John Aldrich wrote:
> On Wednesday 07 January 2009, Stephen Smalley wrote:
> > On Wed, 2009-01-07 at 10:23 -0500, John Aldrich wrote:
> > > I thought that by setting selinux to "disabled" in the config file, I
> > > wouldn't be bothered by its alerts any more. How do I stop SELinux
> > > from running, period? I don't want any alerts from SELinux regarding
> > > stuff I'm trying to install.
> >
> > SELINUX=disabled in /etc/selinux/config should have done the trick for
> > you.  Can you provide the output of:
> > $ cat /etc/selinux/config
> > $ dmesg | grep SELinux:
> >
> [john at SLAVE1 ~]$ cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #       enforcing - SELinux security policy is enforced.
> #       permissive - SELinux prints warnings instead of enforcing.
> #       disabled - SELinux is fully disabled.
> SELINUX=disabled
> # SELINUXTYPE= type of policy in use. Possible values are:
> #       targeted - Only targeted network daemons are protected.
> #       strict - Full SELinux protection.
> SELINUXTYPE=targeted
> 
> [john at SLAVE1 ~]$ dmesg | grep selinux
> SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
> 
> Note that I have not rebooted yet, if that's necessary.

Yes, reboot required.  It can only be done safely at boot or early init
(it unhooks selinux from the kernel code paths altogether).  BTW, it
doesn't matter now but I asked for "grep SELinux:" not "grep selinux",
which would have shown more messages.

-- 
Stephen Smalley
National Security Agency
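
The situation in this thread (SELINUX=disabled already in the config file, but SELinux still loaded until the reboot) can be checked mechanically. The script below is an added example, not part of the original message: the function names and the "reboot-pending" labels are hypothetical, the sample files are constructed, and it assumes that a mounted selinuxfs means SELinux is still hooked into the running kernel.

```shell
#!/bin/sh
# Added example: compare the SELinux mode configured for the next boot with
# what the running kernel still has loaded. Paths are parameters.

# Print the SELINUX= value from a config file, skipping comment lines.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed if a /proc/mounts-style file lists a mounted selinuxfs.
# Assumption: a mounted selinuxfs means SELinux is still active in the kernel.
runtime_active() {
    awk '$3 == "selinuxfs" { found = 1 } END { exit !found }' "$1"
}

# Classify the combination of configured and runtime state.
selinux_state() {
    mode=$(configured_mode "$1")
    if runtime_active "$2"; then
        case "$mode" in
            disabled) echo "reboot-pending" ;;
            enforcing|permissive) echo "active:$mode" ;;
            *) echo "active:unknown-config" ;;
        esac
    else
        case "$mode" in
            disabled) echo "disabled" ;;
            *) echo "inactive-but-configured:${mode:-unknown}" ;;
        esac
    fi
}

# Constructed sample input mirroring the thread (not captured from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    '#       disabled - SELinux is fully disabled.' \
    'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$demo_dir/config"
printf '%s\n' 'proc /proc proc rw 0 0' \
    'none /selinux selinuxfs rw 0 0' > "$demo_dir/mounts_before"
printf '%s\n' 'proc /proc proc rw 0 0' > "$demo_dir/mounts_after"

selinux_state "$demo_dir/config" "$demo_dir/mounts_before"   # state before the reboot
selinux_state "$demo_dir/config" "$demo_dir/mounts_after"    # state after the reboot
```

On a real host the equivalent call is `selinux_state /etc/selinux/config /proc/mounts`.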



