[CentOS] Completeley disabling SELinux?

Robert Nichols rnicholsNOSPAM at comcast.net
Sat Jan 24 05:39:14 UTC 2009


nate wrote:
> 
> I can certainly see value in SELinux in some environments, I have
> yet to operate one where it would provide value to me.

I find that SELinux runs in enforcing mode quite unobtrusively on my
laptop, where I'm running a pretty much out-of-the-box Fedora 10.
On my CentOS 5 desktop, though, forget it!  I'm doing too many
things like a dhclient-exit-hooks script that adjusts named.conf and
tells the daemon to reload, a script that saves some accounting info
when iptables is stopped, various cron jobs that invoke constrained
executables to do horrible things like write something to a file,
..., that sort of thing.  Every time I take a stab at enabling
SELinux in that environment and get close to figuring out enough
local policy adjustments and custom labeling to make it work, a
new release comes along and none of what I've done works any more.
On that system, all removable parts of SELinux have been removed,
and all security attributes have been purged from the filesystems.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.



More information about the CentOS mailing list