Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Disable Selinux Temporarily

 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to dislabe SeLinux but this will be temporary where after reboot it should be enabled.
 
Marshal
Posts: 69752
277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry for delay in replying; I actually know this
See this link and use the setenforce command.
 
Ranch Hand
Posts: 51
1
Redhat Notepad Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
On Red Hat systems, you typically do this:

Temporary:



Permanently:



But i would strongly recommend not doing that, because lot of the security vulnerabilities in last year could have been prevented if SELinux was enabled!
 
Campbell Ritchie
Marshal
Posts: 69752
277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are a few programs which require SELinux be disabled temporarily during the installation process, but as LM says, you should re‑enable it with sudo setenforce 1 (I think) immediately afterwads.
 
Campbell Ritchie
Marshal
Posts: 69752
277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Slight digression: ML: How do you install and enable SELinux on an Ubuntu box? I tried

sudo apt install policycoreutils
// ...
sudo setenforce 1
[sudo] password for campbell:
setenforce: SELinux is disabled

I presume the bit about disabled means I have managed to install it.
 
Saloon Keeper
Posts: 22248
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Campbell Ritchie wrote:There are a few programs which require SELinux be disabled temporarily during the installation process, but as LM says, you should re‑enable it with sudo setenforce 1 (I think) immediately afterwads.



Unfortunately, there are a few programs that require SELinux to be disabled permanently. Or at least until someone comes up with a workable set of security rules for them.
 
Tim Holloway
Saloon Keeper
Posts: 22248
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Campbell Ritchie wrote:Slight digression: ML: How do you install and enable SELinux on an Ubuntu box? I tried

sudo apt install policycoreutils
// ...
sudo setenforce 1
[sudo] password for campbell:
setenforce: SELinux is disabled

I presume the bit about disabled means I have managed to install it.



This one confuses me. SELinux has been part of the base installation for Ubuntu for a long time now, although I don't recall if it's switched on by default. I'm thinking that it isn't, though.

Personally, I liked IBM's RACF. You could write a rule that said that file "Y" could only be updated by program "X" and only by persons in group "Z", but only on Friday afternoons from 1-3 pm and only from terminals in Building Q and you could tell that that was exactly how it would work. SELinux got its share I think from Multics, which was more abstract and apparently could only gain the sort of granularity I just described by using features that are not exploited on stock Linux setups.
 
Campbell Ritchie
Marshal
Posts: 69752
277
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:. . . SELinux has been part of the base installation for Ubuntu for a long time now, although I don't recall if it's switched on by default. I'm thinking that it isn't, though. . . .

That appears correct; it appears to be switched off on my box.
 
Men call me Jim. Women look past me to this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic