• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Disable Selinux Temporarily

 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I want to dislabe SeLinux but this will be temporary where after reboot it should be enabled.
 
Marshal
Posts: 74004
332
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry for delay in replying; I actually know this
See this link and use the setenforce command.
 
Author
Posts: 76
7
Redhat Notepad Fedora Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
On Red Hat systems, you typically do this:

Temporary:



Permanently:



But i would strongly recommend not doing that, because lot of the security vulnerabilities in last year could have been prevented if SELinux was enabled!
 
Campbell Ritchie
Marshal
Posts: 74004
332
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There are a few programs which require SELinux be disabled temporarily during the installation process, but as LM says, you should re‑enable it with sudo setenforce 1 (I think) immediately afterwads.
 
Campbell Ritchie
Marshal
Posts: 74004
332
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Slight digression: ML: How do you install and enable SELinux on an Ubuntu box? I tried

sudo apt install policycoreutils
// ...
sudo setenforce 1
[sudo] password for campbell:
setenforce: SELinux is disabled

I presume the bit about disabled means I have managed to install it.
 
Saloon Keeper
Posts: 24295
167
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Campbell Ritchie wrote:There are a few programs which require SELinux be disabled temporarily during the installation process, but as LM says, you should re‑enable it with sudo setenforce 1 (I think) immediately afterwads.



Unfortunately, there are a few programs that require SELinux to be disabled permanently. Or at least until someone comes up with a workable set of security rules for them.
 
Tim Holloway
Saloon Keeper
Posts: 24295
167
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Campbell Ritchie wrote:Slight digression: ML: How do you install and enable SELinux on an Ubuntu box? I tried

sudo apt install policycoreutils
// ...
sudo setenforce 1
[sudo] password for campbell:
setenforce: SELinux is disabled

I presume the bit about disabled means I have managed to install it.



This one confuses me. SELinux has been part of the base installation for Ubuntu for a long time now, although I don't recall if it's switched on by default. I'm thinking that it isn't, though.

Personally, I liked IBM's RACF. You could write a rule that said that file "Y" could only be updated by program "X" and only by persons in group "Z", but only on Friday afternoons from 1-3 pm and only from terminals in Building Q and you could tell that that was exactly how it would work. SELinux got its share I think from Multics, which was more abstract and apparently could only gain the sort of granularity I just described by using features that are not exploited on stock Linux setups.
 
Campbell Ritchie
Marshal
Posts: 74004
332
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Holloway wrote:. . . SELinux has been part of the base installation for Ubuntu for a long time now, although I don't recall if it's switched on by default. I'm thinking that it isn't, though. . . .

That appears correct; it appears to be switched off on my box.
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic