
Thursday, December 27, 2012

How to Disable SELinux

Important note! I do not recommend disabling SELinux!
This article is meant for study purposes only!

As you know, SELinux provides a sophisticated security mechanism for your system.
Sometimes you might want to temporarily disable SELinux in order to see whether it is the reason for the problems you experience. Even if it is the reason, you shouldn't disable it permanently! You should find another solution!

First of all, you need to know the possible SELinux modes, taken from wiki.centos.org:

  • Enforcing: The default mode which will enable and enforce the SELinux security policy on the system, denying access and logging actions
  • Permissive: In Permissive mode, SELinux is enabled but will not enforce the security policy, only warn and log actions. Permissive mode is useful for troubleshooting SELinux issues
  • Disabled: SELinux is turned off

1. Temporarily switch to permissive mode:

Type in the following command:
echo 0 > /selinux/enforce
1 - enforcing
0 - permissive

2. Permanently switch to permissive mode:

Edit /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive 
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
As you can see, SELINUX is set to permissive.
Don't forget to reboot after the change.

3. Disable SELinux

Edit /etc/selinux/config and this time set SELINUX=disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Don't forget to reboot!

For non-Red Hat/CentOS operating systems, append "enforcing=0" to the end of the kernel line:

title Mint (2.6.22-194.26.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.22-194.26.1.el5 ro root=LABEL=/ console=tty0,19200n8 enforcing=0
        initrd /initrd-2.6.22-194.26.1.el5.img
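
An added example, not part of the original post: a shell audit that reads the three places this article changes (the SELINUX= line in the config file, the enforce file, and the kernel command line) and flags anything other than enforcing, which is useful for catching a "temporary" troubleshooting change that was never reverted. The function names, the constructed sample files, treating a missing enforce file as disabled, and also checking the kernel's selinux=0 parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): report SELinux settings that are not enforcing.

# Print the value of the last uncommented SELINUX= line (SELINUXTYPE= is not matched).
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Map the enforce file to a mode: 1 = enforcing, 0 = permissive.
# Assumption: the file is absent when SELinux is disabled.
selinux_runtime_mode() {
    if [ ! -r "$1" ]; then echo disabled; return; fi
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# List boot parameters that weaken SELinux: enforcing=0 (from the article) and
# selinux=0 (a kernel parameter the article does not mention).
selinux_cmdline_override() {
    tr -s ' \t' '\n\n' < "$1" | grep -E -x '(enforcing|selinux)=0' | tr '\n' ' ' | sed 's/ $//'
}

# Usage: selinux_audit CONFIG ENFORCE_FILE CMDLINE_FILE
# On a live system of the article's era:
#   selinux_audit /etc/selinux/config /selinux/enforce /proc/cmdline
selinux_audit() {
    cfg=$(selinux_config_mode "$1")
    run=$(selinux_runtime_mode "$2")
    ovr=$(selinux_cmdline_override "$3")
    status=OK
    [ "$cfg" = enforcing ] || status=WEAK
    [ "$run" = enforcing ] || status=WEAK
    [ -z "$ovr" ] || status=WEAK
    echo "$status config=$cfg runtime=$run cmdline=${ovr:-none}"
}

# Constructed sample: the permissive config and the enforcing=0 kernel line shown above.
demo=$(mktemp -d)
printf '# SELINUX= can take one of these three values:\nSELINUX=permissive \nSELINUXTYPE=targeted\n' > "$demo/config"
echo 0 > "$demo/enforce"
echo 'ro root=LABEL=/ console=tty0,19200n8 enforcing=0' > "$demo/cmdline"
selinux_audit "$demo/config" "$demo/enforce" "$demo/cmdline"
```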

