On 30/09/10 3:21 AM, Simon Billis wrote:
You can use "setenforce 0" without the quotes to disable selinux from the command line till next reboot or until you issue "setenforce 1" - this is useful for testing as is looking at /var/log/audit/audit.log and also using commands such as audit2why and audit2allow (I strongly recommend reading at least the man pages and also such websites as http://www.nsa.gov/research/selinux/docs.shtml (google selinux))
In addition to that URL, this document (which I didn't see listed, probably due to the publication date) looks very useful:
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
I'd second reading as much as possible on SELinux before diving into it, as there are more than a few gotchas. Especially when enabling and disabling it and knowing when a reboot is necessary when enabling or re-enabling it.
Regards, Ben