[CentOS] echo 0> /selinux/enforce

Tue Nov 5 22:38:56 UTC 2013
m.roth at 5-cent.us <m.roth at 5-cent.us>

John R Pierce wrote:
> On 11/5/2013 2:15 PM, m.roth at 5-cent.us wrote:
>> Wes James wrote:
>>> >When does echo 0 > /selinux/inforce need to be used?  I.e., where is
>>> >selinux enforcing itself on the system to protect it?  When I do yum
>>> >install of some package, it seems to work (not being blocked).  When
>>> would doing something not work because selinux is watching it (or
whatever
>>> that process is doing)?
>>> >
>> It changes selinux mode from enforcing to permissive, which means it
>> still complains, but lets the processes run anyway.
>
> the most common scenario for selinux problems is when you change default
> locations for something, for instance, putting a postgresql database
> cluster on a different path than /var/lib/postgresql/x.y/data, or have
> users with home directories other than /home/$USER
>
> if you do something like this and get weird errors, you can set selinux
> to permissive, and see your thing works.  if so, analyze the selinux
> error logs to see what corrective action you need (typically, relabeling
> the unusual location for whatever it is).

Or you might need to create special local policies for software in
non-standard (but standard for your work environment) locations, or for
local or third party software that was written in total ignorance or
disregard of selinux (such as from CA, or Matlab...), or, in some cases,
just leave it in permissive mode.

     mark "NOT a fan of selinux, dealt with it far too much"