[CentOS] Possible to change selinux from permissive to disabled without rebooting?

Wed Oct 4 11:11:23 UTC 2006
Ian mu <mu.llamas at gmail.com>

Sorry, just to clarify the main bit I missed out somehow, if I change
Permissive to Disabled and don't touch the script, the script would still
run fine without the exec format error.

On 10/4/06, Ian mu <mu.llamas at gmail.com> wrote:
>
> Hiya, I tried to replicate as much of it as I could on my home pc and hit
> a few problems I hadn't initially thought about with selinux (it's pretty
> much my first experience with it, so I may be barking up the wrong tree as
> some of the scripts aren't mine). I can't replicate to be 100% sure, but the
> problems extremely similar.
>
> Basically to test, I used sudo (as quite a few of our scripts do) with
> permissive on. If a shell isn't specified in a script, test.sh is just
> something like echo "hello" with no #!/bin/bash at first (naturally sudoers
> file set up).
>
> sudo -H -u ian ./test.sh this will return with "sesh: Error execing
> ./test.sh: Exec format error
>
> If I add #!/bin/bash to the start it will be fine.
>
> I'm assuming here, the problem is with sudo using sesh and
> interaction with selinux. I had assumed permissive on was purely logging
> only and no difference in execution other than that. I'm also assuming this
> is by design, and not a bug (as the problem likely wouldn't be there with
> better designed scripts).
>
> Naturally some problems can be got around easily by just adding the shell,
> but there's a few where not so simple (original problem was with cron), so
> was looking for a quicker fix to temp get them working by turning permissive
> off.
>
> Thanks, Ian
>
>
>
>
> On 10/3/06, Karanbir Singh <mail-lists at karan.org> wrote:
> >
> > Ian mu wrote:
> > > Hiya all,
> > >
> > > After some problems the other day, I've tracked down a problem I've
> > been
> > > having fairly definitely to selinux being on in permissive mode.
> > > sestatus shows it enabled and permissive.
> >
> > how did you track the problem down to being a SELinux in permissive mode
> > ?
> >
> > and no, afaik, you cant move from permissive to disabled, since selinux
> > code comes down from kernelspace.
> >
> > --
> > Karanbir Singh : http://www.karan.org/ : 2522219 at icq
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20061004/f72162ec/attachment-0005.html>