[CentOS] echo 0> /selinux/enforce

Tue Nov 5 22:46:47 UTC 2013
Wes James <comptekki at gmail.com>

On Tue, Nov 5, 2013 at 3:38 PM, <m.roth at 5-cent.us> wrote:

> John R Pierce wrote:
> > On 11/5/2013 2:15 PM, m.roth at 5-cent.us wrote:
> >> Wes James wrote:
> >>> When does echo 0 > /selinux/enforce need to be used?  I.e., where is
> >>> selinux enforcing itself on the system to protect it?  When I do yum
> >>> install of some package, it seems to work (not being blocked).  When
> >>> would doing something not work because selinux is watching it (or
> >>> whatever that process is doing)?
> >>>
> >> It changes selinux mode from enforcing to permissive, which means it
> >> still complains, but lets the processes run anyway.
> >
> > the most common scenario for selinux problems is when you change default
> > locations for something, for instance, putting a postgresql database
> > cluster on a different path than /var/lib/postgresql/x.y/data, or have
> > users with home directories other than /home/$USER
> >
> > if you do something like this and get weird errors, you can set selinux
> > to permissive, and see your thing works.  if so, analyze the selinux
> > error logs to see what corrective action you need (typically, relabeling
> > the unusual location for whatever it is).
>
> Or you might need to create special local policies for software in
> non-standard (but standard for your work environment) locations, or for
> local or third party software that was written in total ignorance or
> disregard of selinux (such as from CA, or Matlab...), or, in some cases,
> just leave it in permissive mode.
>
>      mark "NOT a fan of selinux, dealt with it far too much"
>
>
OK.  Why not use some other linux that doesn't use selinux then?  I guess
in permissive mode, you could still monitor the logs and take action, if
needed.

-wes
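
Added example (not part of the original thread): a small shell filter for the "analyze the selinux error logs" step described above, which groups AVC denials by process, source type, target type and class so that a mislabeled location stands out. The log lines are constructed samples in the usual audit.log AVC layout; the function names `sample_log` and `avc_summary` and the paths in the sample are made up for illustration.

```shell
#!/bin/sh
# Constructed, abbreviated audit.log records (not taken from a real system).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1383691607.123:401): avc:  denied  { read } for  pid=2101 comm="postmaster" name="PG_VERSION" dev=sda3 ino=131 scontext=system_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1383691607.123:401): arch=c000003e syscall=2 success=no exit=-13 comm="postmaster" exe="/usr/bin/postgres"
type=AVC msg=audit(1383691607.456:402): avc:  denied  { read } for  pid=2101 comm="postmaster" name="postgresql.conf" dev=sda3 ino=132 scontext=system_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1383691702.010:417): avc:  denied  { getattr } for  pid=2290 comm="httpd" path="/data/users/alice/public_html/index.html" dev=sda3 ino=977 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Read audit records on stdin and print one line per distinct denial:
#   <count> <comm> <source type> -> <target type> <class> {<permissions>}
# A target type of default_t usually means the path matches no file-context
# rule, which is the relabeling case for non-default locations.
avc_summary() {
    awk '
    /avc:/ && /denied/ {
        # Permissions are the words between the braces.
        perms = $0
        sub(/^.*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        comm = src = tgt = cls = "?"
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") < 2) continue
            if (kv[1] == "comm") { comm = kv[2]; gsub(/"/, "", comm) }
            else if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
            else if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
            else if (kv[1] == "tclass") cls = kv[2]
        }
        seen[comm " " src " -> " tgt " " cls " {" perms "}"]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k2
}

# Stand-alone run over the constructed sample.
sample_log | avc_summary
```

On a live system the same function can be fed from the audit log, for example `avc_summary < /var/log/audit/audit.log` run as root.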