quick-docs/modules/ROOT/pages/_partials/proc_disabling-selinux.adoc
2018-07-27 18:53:34 +02:00

38 lines
1.6 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Module included in the following assemblies:
//
// changing-selinux-states-and-modes.adoc
[#{context}-Enabling_and_Disabling_SELinux-Disabling_SELinux]
= Disabling SELinux
When SELinux is disabled, SELinux policy is not loaded at all; it is not enforced and AVC messages are not logged. Therefore, all benefits of running SELinux listed in link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-introduction#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux[Benefits of SELinux] are lost.
[IMPORTANT]
====
It is recommended to use permissive mode instead of permanently disabling SELinux. See <<{context}-changing-to-permissive-mode>> for more information about permissive mode.
====
To permanently disable SELinux, follow the procedure below:
. Configure [option]`SELINUX=disabled` in the `/etc/selinux/config` file:
+
----
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=pass:quotes[*disabled*]
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
----
. Reboot your system. After reboot, confirm that the [command]`getenforce` command returns `Disabled`:
+
----
`~]$`pass:attributes[{blank}] pass:attributes[{blank}][command]`getenforce`
Disabled
----