Go Back   TechArena Community > Technology > Networking & Security
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Reply
 
Thread Tools Search this Thread
  #1  
Old 09-01-2009
Member
 
Join Date: Jan 2009
Posts: 61
How do I disable SELinux

hi
i want to know how do I disable SELinux .some one told me that can be done but i got no detailes about that please tell me how to do disable SELinux .
thank you.
Reply With Quote
  #2  
Old 09-01-2009
Member
 
Join Date: Feb 2008
Posts: 2,631
Re: How do I disable SELinux

hi
Enhanced Linux (SELinux) is security patch applied to Linux kernel. When enabled in the kernel it follows the the principle of least privilege. It is an implementation of mandatory access control using Linux Security Modules
Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals.
so i dont know why you want to disable selinux.?

well
how do I turn it off or disable SELinux enforcement?

Selinux can be disabled by passing kernel boot parameters. You need to open grub.conf (menu.lst) or lilo.conf and append selinux=0:

For example here is my sample grub.conf file:
Quote:
title Debian GNU/Linux, kernel 2.6.13-web100 Default
root (hd0,0)
kernel /boot/vmlinuz-2.6.13-web100 root=/dev/hdb1 ro selinux=0
initrd /boot/initrd.img-2.6.13-web100
savedefault
boot
Save file and reboot Linux system. Another option is use setenforce command
Reply With Quote
  #3  
Old 09-01-2009
Member
 
Join Date: May 2008
Posts: 3,514
Re: How do I disable SELinux

hi
main there is two kinds of disabling:

* Permissive - switch the SELinux kernel into a mode where every operation is allowed. Operations that would be denied are allowed and a message is logged identifying that it would be denied. The mechanism that defines labels for files which are being created/changed is still active.
* Disabled - SELinux is completely switched off in the kernel. This allows all operations to be permitted, and also disables the process which decides what to label files & processes with.

Temporarily switch off enforcement
You can switch the system into permissive mode with the following command:

Quote:
echo 0 >/selinux/enforce
You'll need to be logged in as root, and in the sysadm_r role:

Quote:
newrole -r sysadm_r
To switch back into enforcing mode:
Quote:
echo 1 >/selinux/enforce
In Fedora Core and RedHat Enterprise Linux you can use the setenforce command with a 0 or 1 option to set permissive or enforcing mode, its just a slightly easier command than the above.

To check what mode the system is in,

Quote:
cat /selinux/enforce
which will print a "0" or "1" for permissive or enforcing - probably printed at the beginning of the line of the command prompt.
Reply With Quote
  #4  
Old 09-01-2009
Member
 
Join Date: May 2008
Posts: 3,514
Re: How do I disable SELinux

Permanently Permissive
The above will switch off enforcement temporarily - until you reboot the system. If you want the system to always start in permissive mode, then here is how you do it.

In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and you will see some lines like this:


Quote:
# This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - No SELinux policy is loaded.
SELINUX=enforcing
SELINUXTYPE= can take one of these two values:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
SELINUXTYPE=targeted
just change SELINUX=enforcing to SELINUX=permissive, and you're done. Reboot if you want to prove it.

For the other Linuxes which don't have the /etc/selinux/config file, you just need to edit the kernel boot line, usually in /boot/grub/grub.conf if you're using the GRUB boot loader. On the kernel line, add enforcing=0 at the end.
Reply With Quote
  #5  
Old 09-01-2009
Member
 
Join Date: Jan 2006
Posts: 4,215
Re: How do I disable SELinux

Fully Disabling SELinux

Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling.

In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled:


Quote:
This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - No SELinux policy is loaded.
SELINUX=disabled
SELINUXTYPE= can take one of these two values:
targeted - Only targeted network daemons are protected.
strict - Full SELinux protection.
SELINUXTYPE=targeted
and then reboot the system.

For the other Linuxes which don't have the /etc/selinux/config file, you just need to edit the kernel boot line, usually in /boot/grub/grub.conf, if you're using the GRUB boot loader. On the kernel line, add selinux=0 at the end. For example,


Quote:
title SE-Linux Test System
root (hd0,0)
kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb selinux=0
initrd /boot/initrd-2.4.20-selinux-2003040709.img
You will have to reboot to disable SELinux, you just can't do it while the system is running.
Reply With Quote
  #6  
Old 09-01-2009
Member
 
Join Date: Apr 2008
Posts: 3,336
Re: How do I disable SELinux

How to stop SELINUX

You can enable and disable SELinux enforcement in runtime or configure it for system boot, using the command line or GUI. There are three modes for SELinux to be in: disabled, meaning not enabled in the kernel; permissive, meaning SELinux is running and logging but not controlling permissions; enforcing, meaning SELinux is running and enforcing policy.

To toggle enforcement during runtime, use the setenforce [ 0 | 1 ] command. The 0 option turns enforcement off, the 1 option turns it on.

Eg.
# /usr/sbin/setenforce 0 ( to disable )
# /usr/sbin/setenforce 1 ( to enable )
This options only allow you to disable selinux from running system but after reboot it will activate again.

The other way to permanent disable SELINUX is disable it from config file /etc/selinux/config or /etc/sysconfig/selinux

#SELINUX=enforcing
SELINUX=disabled

Change the status to disabled then reboot.

How to check SELINUX status?

# /usr/sbin/sestatus
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "How do I disable SELinux"
Thread Thread Starter Forum Replies Last Post
What help with SELinux Faizah Networking & Security 5 02-06-2011 11:25 PM
How to disable Disable ADW.Launcher on N800 Gonercase Portable Devices 4 21-02-2011 08:25 AM
Running Selinux on Fedora umaymah Operating Systems 5 04-01-2011 12:12 AM
Cannot run selinux-policy Shakaal Networking & Security 4 20-08-2010 11:43 AM
How to disable some of RAM AbrahamL Hardware Peripherals 5 29-03-2010 05:18 PM


All times are GMT +5.5. The time now is 11:18 AM.