Q. How do I disable SELinux enforcement?
A. Security-Enhanced Linux (SELinux) is security patch applied to Linux kernel. When enabled in the kernel it follows the the principle of least privilege. It is an implementation of mandatory access control using Linux Security Modules (LSM).
From Wikipeidia Selinux page:
Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals.
But how do I turn it off or disable SELinux enforcement?
Selinux can be disabled by passing kernel boot parameters. You need to open grub.conf (menu.lst) or lilo.conf and append selinux=0:
For example here is my sample grub.conf file:
title Debian GNU/Linux, kernel 2.6.13-web100 Default
root (hd0,0)
kernel /boot/vmlinuz-2.6.13-web100 root=/dev/hdb1 ro selinux=0
initrd /boot/initrd.img-2.6.13-web100
savedefault
boot
Save file and reboot Linux system. Another option is use setenforce command
See also:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 1 comment… read it below or add one }
Hi,
SELinux gives me a hard time in regards to wine and game install, but in saying that is it wise to disable the one thing that is supposed to be protecting my computer? But also in saying that i recently had to format the hard drive to remove a dos virus with root access by someone else. That’s a worry! Question is to be or not to be as if i get a dos virus there is no way of eliminating that in linux.