SELinux
Napomena : sve se odnosi na CentOS 6.0
Kako isključiti SELinux, jer za ličnu upotrebu, on vam UOPŠTE ne treba.
SELinux can operate in any of the 3 modes :
1. Enforced : Actions contrary to the policy are blocked and a corresponding event is logged in the audit log.
2. Permissive : Actions contrary to the policy are only logged in the audit log.
3. Disabled : The SELinux is disabled entirely.
Nama treba opcija 3.
To check the current mode of SELinux :
# getenforce
Enforcing
Ili za detaljnije informacije :
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux –> virtual FS similar to /proc
Current mode: enforcing –> current mode of operation
Mode from config file: permissive –> mode set in the /etc/sysconfig/selinux file.
Policy version: 24
Policy from config file: targeted
Mod rada SELinux-a se može direktno podesiti u njegovom konfiguracionom fajlu /etc/sysconfig/selinux, i to zahteva reboot sistema :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
Takođe :
# cat /etc/grub.conf
……..
root (hd0,0)
kernel /vmlinuz-2.6.32-279.el6.x86_64 root=/dev/md3 selinux=0
initrd /initramfs-2.6.32-279.el6.x86_64.img
………
Editing the /etc/grub.conf file and adding the selinux=0 option to the booting option will disable SELinux at the booting. In this case the settings in /etc/sysconfig/selinux are ignored.
Ako stavka “selinux=0” ne postoji, samo je dodati na kraju, sa blanko space između.
Dobar link.