top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

When does echo 0 > /selinux/inforce need to be used?

+1 vote
543 views

When does echo 0 > /selinux/inforce need to be used? I.e., where is selinux enforcing itself on the system to protect it? When I do yum install of some package, it seems to work (not being blocked). When would doing something not work because selinux is watching it (or whatever that process is doing)?

posted Nov 5, 2013 by Garima Jain

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button
It changes selinux mode from enforcing to permissive, which means it still complains, but lets the processes run anyway.
The most common scenario for selinux problems is when you change default  locations for something, for instance, putting a postgresql database cluster on a different path than /var/lib/postgresql/x.y/data, or have
users with home directories other than /home/$USER

If you do something like this and get weird errors, you can set selinux to permissive, and see your thing works. if so, analyze the selinux error logs to see what corrective action you need (typically, relabeling
the unusual location for whatever it is).

2 Answers

+1 vote

This is an extra security mechanism used in unix like OS for accessing any file in the system.it is also like proc file system.

To check the status u can use command sestatus -v .It will show the status whether it is Disabled/ Permissive/Enforced Mode.

Disabled mode - When any application wants to use any file, it will not take extra security care and gives access to use it.
Enforced Mode - Here the application sends a request to selinux security server and it checks access vector cache (AVC), where subject and object permissions are cached previously.

Permissive mode - Here It dont enforce policy but logs the warning messages about the deny of permission.

so using the configuration files present in /selinux we can change the modes of operation.

echo 0 > /selinux/inforce - Permissive Mode
echo 1 > /selinux/inforce - Enforced Mode
But all changes is temporary so it changes after restart the system to default.

To make it permanent
we can change in the /etc/selinux/config file
SELINUX=disabled or enabled

For more you can also refer explained beautifully
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-selinux.html

answer Nov 6, 2013 by Sachidananda Sahu
+1 vote

I did a google search on "disable selinux" and got this on the first hit:
http://www.crypt.gen.nz/selinux/disable_selinux.html

Seems pretty straight forward.

answer Nov 6, 2013 by Sanketi Garg
Similar Questions
+2 votes

Ever since a recent update, when I close the lid of my thinkpad, it does not go to sleep. When I unlock the screen, I see a desktop notification saying something like this:

 Power Manager
 GDBus.Error:org.freedesktop.DBus.error.accessdenied:  SELinux policy denies access.

Strangely though, I can not find any SELinux alerts in the troubleshooter. Looking at the updated packages, I find this:
selinux-policy-3.13.1-128.13.fc22.noarch. What is going on? How can I debug this to file a bug report?

+2 votes

I'd like to change from Samba 3.0.33 to 3.6.6. Reason: WINDOWS 7 and PDC

Is something to consider when changing (config-Files or so on)? Have I to uninstall Samba 3.0.33 before or just run an update?

...