[CentOS] selinux policy remnant according to /bin/ls on CentOS 6.0 box

Tue Sep 20 18:14:21 UTC 2011
Jon Detert <jdetert at infinityhealthcare.com>

----- Original Message -----
> From: "James Edwards" <jedwards at bsdftw.org>
> To: centos at centos.org
> Sent: Tuesday, September 20, 2011 12:52:34 PM
> Subject: Re: [CentOS] selinux policy remnant according to /bin/ls on CentOS 6.0 box
> 
> On 9/20/2011 1:48 PM, Jon Detert wrote:
> > I installed CentOS 6.0 on 2 different x86_64 boxen.  Both
> > originally had selinux installed and enabled.  I never touched
> > selinux other than to remove as much of it as I could via rpm -e.
> >  As far as I can tell, here are the remaining packages that have
> > something to do with it:

-- snip --

> > However:
> >
> > 1) box1 still has files in /selinux whereas box2's /selinux is
> > empty;
> > 2) ls -l on box1 shows a '.' at the end of file/directory, which
> > means a SELinux security context applies, according to
> > https://fedoraproject.org/wiki/Fedora_11_FAQ#Why_does_ls_show_a_dot_.28..29_or_a_plus_.28.2B.29_at_the_end_on_the_file_modes_for_some_files.3F
> >
> > Any idea why box1 still seems to have an selinux policy applied,
> > and how to un-apply it?
> >
> > Thanks,
> >
> > Jon
> >
> Did you disable SELinux by changing 'SELINUX=disabled' in
> /etc/sysconfig/selinux?  Wouldn't that be easier than removing all

I did not do so explicitly.  But it is set to disabled as described above.
I assume the rpm -e did that.  So, there must be some other step missing.

As to that being easier: perhaps, had I known that file/setting existed.

> the
> RPMs?  If I may ask, is there a reason to removing the packages?

I do not plan to use them.

Less is more, right?