SELinux In CentOS 6

Home » CentOS » SELinux In CentOS 6
CentOS 7 Comments

It keeps butting in when I try to install map software from Garmin under Wine. I’m not nearly competent not willing to apply the remedy it suggests. How do I get to someplace where I can disable it, or at least set it to permissive?

7 thoughts on - SELinux In CentOS 6

  • John Doe wrote:

    As others have said, edit /etc/selinux/config as root & set to permissive as opposed to enforcing & then reboot for the changes to take effect.

    It’s not a good idea to disable it completely due to the kernel & labels
    & so on but if you’re on a home network on a private LAN behind a NAT
    router, setting permissive shouldn’t cause you any security problems.

    Cheers,

    Phil…

  • Unless you are switching between permissive/enforcing and disabled (or vice-versa) you done need a reboot – just use setenforce to change the running behaviour…

    Also as usual in the redhat world look to /ets/sysconfig/selinux … although in this case that’s just a symlink to /etc/selinux/config I
    have been tripped up on more than one occasion with only editing stuff in /etc and then wondering why behaviour is not as expected… and as such find it good practice to get in the habit of checking
    /etc/sysconfig before doing straight to the other /etc/
    files….

  • What is setroubleshoot suggesting? Wine requires you to turn on the mmap boolean.
    —–BEGIN PGP SIGNATURE—

  • If you temporarily want SELinux permissive and plan on fixing it with a custom policy module, run `setenforce 0`. Check to see the SELinux status with `getenforce`. And you can check /var/log/audit/audit.log to see what SELinux is saying.

    I’m more inclined these days to put together policy modules rather than _forever_ setting it to permissive (unless you get logwatch reports on it, SELinux might as well be disabled completely).

    Set SELinux to permissive, get your application configured and working, then come back and use the items logged while set to permissive to generate a policy module.

    —~~.~~-

  • Phil Dobbin wrote:

    Or, if you don’t want to reboot just now, as root, run setenforce 0, or echo 0 > /selinux/enforce, which will set it to permissive.

    mark

LEAVE A COMMENT