English
Ask Your Question
2

How to disable fedora 17 selinux?

asked 2012-07-02 07:56:40 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2012-07-02 07:56:40 +0000

YumYumYum gravatar image

After installing Apache, Php, Mysql. I get always following:

$ service httpd status
Redirecting to /bin/systemctl  status httpd.service
httpd.service - The Apache HTTP Server (prefork MPM)
      Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
      Active: failed (Result: exit-code) since Mon, 02 Jul 2012 09:45:07 +0200; 5min ago
     Process: 32040 ExecStop=/usr/sbin/httpd $OPTIONS -k stop (code=exited, status=0/SUCCESS)
     Process: 32561 ExecStart=/usr/sbin/httpd $OPTIONS -k start (code=exited, status=1/FAILURE)
    Main PID: 24283 (code=exited, status=0/SUCCESS)
      CGroup: name=systemd:/system/httpd.service

Jul 02 09:45:07 example httpd[32561]: (13)Permission denied: make_sock: co...7
Jul 02 09:45:07 example httpd[32561]: no listening sockets available, shut...n
Jul 02 09:45:07 example httpd[32561]: Unable to open logs

To make it work, i need to do SELinux disable, but how do i do it? I have tried following:

$ vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
  • Need to reboot once, but i just needed on the fly

    $ setenforce 0

Do we have any way like service selinux stop | start | restart simple way? or something like chkconfig selinux off

edit retag flag offensive close delete

Comments

2

The real question is "How to correctly set up SELinux". You should not desable it, unless for test purpose.

shaiton ( 2012-07-02 13:14:30 +0000 )edit

Perhaps - but one thing that a lot of Selinux proponents are missing is that it takes a long time to learn and configure, and when there is another job to do - it is simply an obstruction. Disabling remains the best option until the selinux-policy maintainers and other package maintainers can actually create a working solution between them.

dannystaple ( 2013-01-31 16:41:17 +0000 )edit

4 Answers

Sort by ยป oldest newest most voted
1

answered 2012-07-02 17:30:36 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2012-07-02 17:31:13 +0000

Is very simple.

making backup

cp /etc/selinux/config /etc/selinux/config.bak

Disable SELinux

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

You can try PostInstallerF, its very simple disable or enable SELinux here http://sourceforge.net/projects/postinstaller/

edit flag offensive delete publish link more

Comments

What should I do if after applying your solution I still get SELinux messages and even errors? The only two non-commented lines in my '/etc/selinux/config' are 'SELINUX=permissive' and 'SELINUXTYPE=targeted '. I used FedoraUtils to set SEL to permissive mode right after I installed Fedora. Then I used your soultion, recently.

Bucic ( 2013-04-15 19:00:15 +0000 )edit
3

answered 2013-02-07 14:35:48 +0000

You should not need to disable or put the System into permissive mode to build a livecd. Do you have a bug report for this.

You should run with targeted policy since this is the most used. minimum, is just for people who want to experiment with SELinux.

SELinux is not a service, it is the way the kernel is configured and the way the system is labeled. Disabling SELinux requires a reboot. You can put the machine into permissive mode by executing setenforce 0.

Read danwalsh.livejournal.com for lots of Info on SELinux.

I would recommend you google for SELinux info using site:danwalsh.livejournal.com

edit flag offensive delete publish link more
1

answered 2012-12-24 15:23:26 +0000

macracan gravatar image

For better or worse, there are legitimate reasons to disable selinux. For instance, when creating a livecd image, one must disable selinux, or at least (I suspect) not have it enforcing. Ideally it would not have to be this way, but it is. So the choice is either disable selinux or don't get the job done. Hm...

edit flag offensive delete publish link more

Comments

You aren't giving an answer, and this isn't a discussion forum...

randomuser ( 2013-02-08 00:41:36 +0000 )edit
1

answered 2012-07-02 11:21:15 +0000

Akshay gravatar image

i recommend you to set selinux to permissive and SELINUXTYPE=minimum to know more on selinux go to https://fedoraproject.org/wiki/SELinux

edit flag offensive delete publish link more

Your answer

Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

Add answer

[hide preview]

Use your votes!

  • Use the 30 daily voting points that you get!
  • Up-vote well framed questions that provide enough information to enable people provide answers.
  • Thank your helpers by up-voting their comments and answers to your questions.
  • Down-voting might cost you karma, but you should consider doing so for incorrect or clearly detrimental questions and answers.

Question tools

Follow
1 follower

Stats

Asked: 2012-07-02 07:56:40 +0000

Seen: 40,604 times

Last updated: Feb 07 '13