|Main Archive Page > Month Archives > selinux archives|
On Fri, Mar 13, 2009 at 5:36 PM, Martin Orr <firstname.lastname@example.org> wrote:
> On 13/03/09 12:42, Stephen Smalley wrote:
>> On Fri, 2009-03-13 at 12:25 +0000, Paul Cocker wrote:
>>> Running SELinux on a CentOS 5.2 box, Im trying to temporarily disable
>>> SELinux via one of the following methods:
>>> 1. sudo echo 0 > /selinux/enforce
>> Typically one would run the setenforce 0 command, but that is equivalent
>> to what you are doing above.
> This isn't true because the redirection will be interpreted by the non-root
> shell. You should either do:
> sudo setenforce 0
> as Stephen suggests, or if you really want to,
> sudo sh -c "echo 0 > /selinux/enforce"
>>> 2. sudo vim /selinux/enforce
>>> The first comes back with
>>> -bash: /selinux/enforce: Permission denied
>> This means that your SELinux policy prevented you from changing the
>> enforcing status. What context are you operating in (id -Z)? What
>> context is sudo running the command in (sudo id -Z)?
> No, I think it is DAC because the shell will attempt to open
> /selinux/enforce before running sudo.
> Best wishes,
> Martin Orr
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to email@example.com with
> the words "unsubscribe selinux" without quotes as the message.
I would just use selinux=0 enforcing=0
as a boot param(but If the system doesn't boot because of selinux=0) then enforcing=0 as a boot. but then you still might receive a permissions denied due to /etc/selinux/config saying "enforcing" (if this is the case then load a livecd mount the hard drive, and use vim to edit /etc/selinux/config, and /boot/grub/* to set everything in permissive. -- Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to firstname.lastname@example.org with the words "unsubscribe selinux" without quotes as the message.