[CentOS] echo 0> /selinux/enforce

Wed Nov 6 15:23:56 UTC 2013
Daniel J Walsh <dwalsh at redhat.com>

On 11/05/2013 05:13 PM, Wes James wrote:

First you should use setenforce 0/setenforce 1.

Theoretically never.  It should really be discouraged.  It is like the
Enterprise bringing its "Shields" down.

SELinux in permissive mode will continue to do access checks, but it just logs
them and does not block access.

SELinux blocks "confined" processes, but usually does not block the
administrator who is running as unconfined_t, and is allowed to do everything
he could do if SELinux was disabled.

Confined processes are targeted to system services: stuff that is started at
boot, versus processes started by a logged-in user.

I blog on the topic a lot at danwalsh.livejournal.com

BTW, when do I need to setenforce 0?

SELinux is a labeling system; if your labels get screwed up, you might need to
setenforce 0 to get the system to run.  Commands like restorecon/fixfiles can
be used to restore the labels on your system to the default.


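The permissive-mode logging described in the message above, as an added example that is not part of the original post: a Python parser that reads audit records and separates denials that were only logged from those that were enforced. The sample records are constructed, and it assumes the `permissive=` field that newer kernels append to AVC records; records without it are reported as `unknown`.

```python
import re
from collections import Counter

# Constructed audit.log records for illustration (not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1383751436.101:210): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1383751436.105:211): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/var/www/html/index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1383751436.105:211): arch=c000003e syscall=4 success=yes exit=0 comm="httpd"
type=AVC msg=audit(1383751502.440:230): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1383751600.010:245): avc:  denied  { write } for  pid=877 comm="ntpd" name="drift" dev="dm-0" ino=2207 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
OUTCOME = {"1": "logged-only", "0": "blocked"}  # field absent -> "unknown"

def parse_avc(line):
    """Return a dict for one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in kv or "tcontext" not in kv:
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": kv.get("comm"),
        "source": kv["scontext"].split(":")[2],  # type field of user:role:type:level
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv.get("tclass"),
        "outcome": OUTCOME.get(kv.get("permissive"), "unknown"),
    }

def summarize(log_text):
    """Count denied permissions per (source type, target type, class, outcome)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source"], rec["target"], rec["tclass"], rec["outcome"])
            counts[key] += len(rec["perms"])
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, outcome), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{outcome:11} {src} -> {tgt}:{cls}  ({n} permission(s))")
```

In the constructed sample, the `user_home_t` target on a file under `/var/www/html` is the kind of mislabel that restorecon restores to the default; the `logged-only` rows are what would be blocked once the system is back in enforcing mode.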