Controlling or Disabling SELinux in Fedora Linux

For most of cases, you should not disable SELinux. However, for some users, SELinux may cause problems or is not needed. We may just make it not block operations or totally disable it.

Making SELinux log warnings instead of blocking

For many cases, people find SELinux blocks operations. For tests or some other situations, you may make it not blocking. But the warning messages of SELinux tells you many possible security problems. An good way may be making it warn you but not block operations.

SELinux’s configuration file is /etc/selinux/config

The method to configuring SELinux in Fedora is by editing the config file of SELinux:

$ cd /etc/selinux/
$ su
# cp config config.bak0
# vi config

Find this line:

SELINUX=enforcing

Change it to:

SELINUX=permissive

You will need to reboot to make it take effect.

Temporarily disable SELinux

Instead of permanently disable SELinux, you may just want to disable SELinux temporaryly. You can do this by running

# setenforce 0

As an alternative way, if you have SELinux enalbed

# echo 0 >/selinux/enforce

You can also enable SELinux back by

# setenforce 1

or

# echo 1 >/selinux/enforce

Permanently disable SELinux

If you would not to see SELinux forever, you may disable it permanently.

The method to diable SELinux in Fedora:

$ cd /etc/selinux/
$ su
# cp config config.bak0
# vi config

Find this line:

SELINUX=enforcing

Change it to:

SELINUX=disabled

Checking SELinux status

After configuring SELinux, you may want to check the status of SELinux. Here are several ways.

$ selinuxenabled
$ echo $?
1

Here, the return value of selinuxenabled indicates its status: ‘1’ means disabled and ‘0’ means enabled. This is very useful for scripts.

$ sestatus
SELinux status:                 disabled

sestatus shows human friendly results showing the status.

$ getenforce 
Disabled

getenforce is like sestatus but shows only the status with a word.

Update on Apr. 29, 2015: add more options for controlling and disabling SELinux.

Eric Zhiqiang Ma

Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

0 comments:

Leave a Reply

Your email address will not be published. Required fields are marked *