Things to remember when disabling SELinux


Posted in operating systems, system admin on 01/21/2010 04:31 pm by jwatson

Perhaps SELinux was provided by default from your linux distribution of choice, or maybe it has been determined that it is not needed anymore for whatever applications the server is currently performing. Disabling SELinux is a matter of changing a line in your selinux config. The normal location would be to look in /etc/selinux/config and change the value of the SELINUX line.


# SELinux turned off
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled

However, we’re not done yet! Before you reboot your system you need to make sure that your
kernel boot line isn’t expecting SELinux to be active. We can set it to be specifically deactivated as
follows:

with Grub:

edit your /boot/grub/menu.lst


title  Ubuntu 9.04, kernel 2.6.28-11-generic
uuid   28cd3d96-e22c-4230-a63d-f7a73ec323e3
kernel  /boot/vmlinuz-2.6.28-11-generic root=/dev/sda3 ro rootdelay=10 quiet splash selinux=0
initrd  /boot/initrd.img-2.6.28-11-generic
quiet

Note: you may also need to add enforcing=0 to your kernel line, depending on your setup.

 

Leave a Reply

« Setup email for thunderbird in Windows | How do I set up my e-mail in Microsoft Outlook? »