Stopping SELinux

[Ivan Gyurdiev]

Ivan Gyurdiev wrote:
> Timothy Murphy wrote:
>> Sorry to be a bore,
>> but how does one stop selinux running?
>> Is it sufficient to set "SELINUX=disabled"
>> in /etc/selinux/config ?
>>
>> [I'm afraid since I started running selinux
>> I've been having problems with my WiFi network -
>> quite likely nothing to do with SELinux,
>> but all the same I'd like to make sure it is not running
>> during diagnostics.
>> I have made the setting above,
>> but still seem to get messages about selinux in /var/log/messages .
>> Is there any process I should kill ?]
>>   
> To stop selinux completely, that should be sufficient (I think), or 
> you can pass selinux=0 to the kernel.
> In either case, you need to reboot the machine. To debug problems with 
> selinux, however, you should run it in permissive mode, which disables 
> enforcement, but keeps selinux running, and logging any errors. 
> Otherwise, any files created while selinux is off will have no 
> security context, and you'll need to relabel afterwards to fix your 
> machine. You can change enforcing status permanently by editing 
> /etc/selinux/config (or with system-config-securitylevel, or by 
> passing enforcing=0 to kernel). You can also use /usr/sbin/setenforce, 
> which changes the current enforcing status, without making it 
> permanent (does not need a reboot). You can use /usr/sbin/getenforce 
> to check if it worked.
And no, there is no process to kill, since selinux is in the kernel - 
that's why you have to reboot the machine to turn it off, and pass the 
proper parameters to the kernel.