Home

Disabling SELinux

If SELinux is enabled on a host PC, then user processes are given the lowest amount of privileges needed to perform basic tasks. These privilege restrictions are also applied to processes run by the root user.

Because of this, it might follow that some operations fail while installing STLinux. For example, the dev/ nodes in the NFS exported root file system might not be created, RPM post installation scripts are not properly run and so forth.

To avoid these issues it is possible to disable SELinux on the host PC.

Enabling/Disabling SELinux on a running system

The following command temporarily disables SELinux: 

host# echo 0 >/selinux/enforce

The following command temporarily enables SELinux: 

host# echo 1 >/selinux/enforce
Permanently disabling SELinux (needs reboot)

It is also possible to disable SELinux every time the system is booted. The following file needs to be altered appropriately in /etc/sysconfig/selinux: 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

If you are running a Linux system without a /etc/sysconfig/selinux file then you can pass the following kernel parameter: 

enforcing=0

External links: