SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication (IPC).
Disable SELinux in Fedora 14:
For the operating system as a whole, there are two kinds of disabling:
Permissive - switch the SELinux kernel into a mode where every operation is allowed. Operations that would be denied are allowed and a message is logged identifying that it would be denied. The mechanism that defines labels for files which are being created/changed is still active.
Disabled - SELinux is completely switched off in the kernel. This allows all operations to be permitted, and also disables the process which decides what to label files & processes with.
Temporarily switch off enforcement:
To check what mode the system is in,
cat /selinux/enforce
which will print a "0" or "1" for permissive or enforcing.
You can switch the system into permissive mode with the following command:
echo 0 >/selinux/enforce
Permanently Permissive:
The above will switch off enforcement temporarily, until you reboot the system. If you want the system to always start in permissive mode, here is how to do it: in Fedora, edit /etc/selinux/config and change SELINUX=enforcing to SELINUX=permissive.
Fully Disabling SELinux:
Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling.
In Fedora, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled
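To confirm which of the states above a host is actually in, the following added example (not part of the original post) compares the runtime value in /selinux/enforce with the SELINUX= line in /etc/selinux/config. The function names and optional path arguments are this example's own, and a missing enforce file is assumed to mean SELinux is disabled.

```sh
#!/bin/sh
# Added example: report SELinux runtime vs. configured mode.
# Defaults are the Fedora 14 paths used in the article; newer releases mount
# selinuxfs at /sys/fs/selinux, so pass that enforce path as argument 1 there.

# Runtime mode from the enforce file. Assumption: a missing file means the
# SELinux filesystem is not mounted, i.e. SELinux is disabled in the kernel.
runtime_mode() {
    enf=${1:-/selinux/enforce}
    [ -e "$enf" ] || { echo disabled; return; }
    case $(cat "$enf") in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Mode that will apply at next boot: first uncommented SELINUX= line.
# SELINUXTYPE= does not match because the pattern requires "=" right after SELINUX.
configured_mode() {
    cfg=${1:-/etc/selinux/config}
    [ -r "$cfg" ] || { echo unknown; return; }
    mode=$(sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$cfg" | head -n 1 | tr 'A-Z' 'a-z')
    case $mode in
        enforcing|permissive|disabled) echo "$mode" ;;
        *) echo unknown ;;
    esac
}

# Compare the two. TEMPORARY = enforcement switched off with "echo 0" and
# due to return at reboot; MISMATCH = any other disagreement (for example a
# config edit that has not taken effect yet).
selinux_audit() {
    run=$(runtime_mode "$1")
    cfg_mode=$(configured_mode "$2")
    if [ "$run" = "$cfg_mode" ]; then
        echo "OK runtime=$run config=$cfg_mode"
    elif [ "$run" = permissive ] && [ "$cfg_mode" = enforcing ]; then
        echo "TEMPORARY runtime=$run config=$cfg_mode"
    else
        echo "MISMATCH runtime=$run config=$cfg_mode"
    fi
}

selinux_audit "$@"
```

Run with no arguments it reads the two default paths; a TEMPORARY or MISMATCH line on a host that is expected to be enforcing is worth following up.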