I spend a bunch of time a while back learning how SELinux worked, and it definitely has some useful applications (especially with the tools that were recently added to assist with policy setup). On some of the hosts I support it is overkill, and I disable in one of my kickstart postinstall actions. To disable SELinux, you can change the SELINUX variable to disabled in /etc/selinux/config:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted
If you are performing this action on a running host, you can save a reboot by using the setenforce utility to disable SELinux:
If I get some time in the next few weeks, I will clean up my SELinux notes and put them on the main prefetch.net home page.