linux poison RSS
linux poison Email

How to Disable SELinux in Fedora 14

SELinux is a security enhancement to Linux that allows users and administrators more control over which users and applications can access which resources, such as files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and applications that the user runs whereas SELinux access controls are determined by a policy loaded on the system and not changeable by careless users or misbehaving applications.

SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication (IPC).

Disable SELinux in Fedora 14: 
For the operating system as a whole, there is two kinds of disabling:
Permissive - switch the SELinux kernel into a mode where every operation is allowed. Operations that would be denied are allowed and a message is logged identifying that it would be denied. The mechanism that defines labels for files which are being created/changed is still active.

Disabled - SELinux is completely switched off in the kernel. This allows all operations to be permitted, and also disables the process which decides what to label files & processes with.

Temporarily switch off enforcement:
To check what mode the system is in,
cat /selinux/enforce
which will print a "0" or "1" for permissive or enforcing.
You can switch the system into permissive mode with the following command:
echo 0 >/selinux/enforce
Permanently Permissive
The above will switch off enforcement temporarily - until you reboot the system. If you want the system to always start in permissive mode, then here is how you do it, In Fedora, edit /etc/selinux/config and just change SELINUX=enforcing to SELINUX=permissive, and you're done.

Fully Disabling SELinux:
Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling.
In Fedora, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled


Post a Comment

Related Posts with Thumbnails