Wednesday, March 24, 2010

Disable SELinux

Error such as:

audit(1269456413.197:0): avc: denied { create } for pid=1850 exe=/sbin/syslogd scontext=user_u:system_r:syslogd_t tcontext=user_u:system_r:syslogd_t tclass=netlink_route_socket
audit(1269456413.197:0): avc: denied { create } for pid=1850 exe=/sbin/syslogd scontext=user_u:system_r:syslogd_t tcontext=user_u:system_r:syslogd_t tclass=netlink_route_socket
audit(1269458951.691:0): avc: granted { setenforce } for pid=3659 exe=/bin/bash scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security

which are:
audit ( ): avc: denied

is cause by selinux policy..

SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - SELinux is fully disabled.

Permanent disable selinux:
vi /etc/selinux/config
edit at the SELINUX value:
SELINUX=disabled

The value of the SELINUX can be enforcing, permissive or disabled. If by defaults when doing the installation, the SELINUX is enable, it will be enforcing.

For temporary disable the selinux:
echo 0 > /selinux/enforce

To enable back SELINUX:
echo 1 > /selinux/enforce

No comments: