Test if SELinux is running
You can test to see if SELinux is currently enabled with the following command:
# selinuxenabled && echo enabled || echo disabled
[root@cloudstorage01 ~]#
[root@cloudstorage01 ~]# sestatus | grep -i mode
Current mode: enforcing
Mode from config file: permissive
Turning off SELinux temporarily
Disabling SELinux temporarily is the easiest way to determine if the problem you are experiencing is related to your SELinux settings. To turn it off, you will need to become the root user on your system and execute the following command:
# echo 0 > /selinux/enforce
This temporarily turns off SELinux until it is either re-enabled or the system is rebooted. To turn it back on, execute this command:
# echo 1 > /selinux/enforce
As you can see from these commands, what you are doing is setting the file /selinux/enforce to either '1' or '0' to denote 'true' and 'false'.
To check what mode the system is in:
# cat /selinux/enforce
Configuring SELinux to log warnings instead of block
You can also configure SELinux to give you a warning message instead of actually prohibiting the action. This is known as permissive mode. To change SELinux's behavior to permissive mode you need to edit the configuration file. On Fedora and RHEL systems that file is located at /etc/selinux/config. You need to change the SELINUX option to permissive like so:
SELINUX=permissive
Note that these changes will not take effect until the system is rebooted, which is why the first section comes in handy on a system you either cannot or do not want to reboot right now.
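Because the runtime switch and the config file are independent, they can disagree, as in the sestatus output at the top of this page (current mode enforcing, config file permissive). The shell functions below are an added example, not part of the original post, that report such a mismatch before a reboot changes the mode; the function names are made up for illustration, and the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the mode configured
# for the next boot. Function names are illustrative, not a standard tool.

# Print the value of the first SELINUX= line in a config file, lowercased.
# Comment lines and SELINUXTYPE= do not match the pattern.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' "$1" |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Map the enforce file to a mode name: 1 = enforcing, 0 = permissive.
# A missing file is reported as disabled (assumption: selinuxfs is not mounted).
selinux_runtime_mode() {
    if [ ! -r "$1" ]; then
        echo disabled
        return 0
    fi
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Report whether a reboot would change the mode. Returns 1 on a mismatch.
# Defaults are the paths used on this page; newer systems expose the
# enforce file at /sys/fs/selinux/enforce, so pass that as the second argument.
selinux_drift() {
    cfg=${1:-/etc/selinux/config}
    enf=${2:-/selinux/enforce}
    boot=$(selinux_config_mode "$cfg")
    now=$(selinux_runtime_mode "$enf")
    if [ "$boot" = "$now" ]; then
        echo "ok: $now now and after reboot"
        return 0
    fi
    echo "mismatch: running=$now next-boot=${boot:-unset}"
    return 1
}
```

Run `selinux_drift` as root after sourcing the file; a non-zero exit status means the next reboot will change the SELinux mode.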
Completely turning off SELinux
# vi /etc/selinux/config
Change SELINUX=enforcing
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
to SELINUX=disabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
This will disable SELinux on your next reboot.
To verify if SELinux is disabled, run:
# dmesg | grep selinux
You should see
selinux=0
# dmesg | grep selinux
type=1404 audit(1343044277.956:2): selinux=0 auid=4294967295 ses=4294967295