How best get rid of SELinux?
Beartooth
Beartooth at swva.net
Fri Sep 21 15:35:51 UTC 2007
On Thu, 20 Sep 2007 23:49:41 -0400, David Boles wrote:
[....]
> This way is, IMO, the crude way to do this. Turn SELinux off, if you
> chose to do so, in the SELinux configuration file.
>
> /etc/selinux/config
>
> change SELINUX=enforcing
>
> to SELINUX=disabled
Here's an interesting discovery. On a machine where I haven't
touched selinux since installing F7, I get this :
[root at localhost btth]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
[root at localhost btth]#
Note that it says "targeted" -- typically, without giving me any
faintest hint at what. The same file on the machine I disabled selinux
from yesterday is the same except for "disabled" instead of "permissive."
I *hope* targeted makes no difference so long as selinux is
disabled. But that doesn't tell me what is targeted on the other
machines, nor whether the default choices fit my kind of situation. (If
they do, I'll take it on faith that they're well chosen.)
--
Beartooth Staffwright, PhD, Neo-Redneck Linux Convert
Remember I know precious little of what I am talking about.
More information about the fedora-list
mailing list