Agnus Dei (jackal) wrote,
Agnus Dei
jackal

How to Disable SELinux (and remove the "dot" permissions)

Disabling SELinux

Check/Verify the SELinux current status


Run the following command:

sestatus

Example:


[root@osboxes]# sestatus
SELinux status:                 enabled

Disable SELinux on the server

Run the following commands:

sed -i "/SELINUX/  s/enforcing/disabled/" /etc/selinux/config 
reboot

Confirm SELinux is disabled


[root@osboxes]# sestatus
SELinux status:                 disabled

View SELinux permissions

SELinux context remains associated with files regardless whether or not SELinux is enabled.

If you want to see the actual SELinux context associated with the files you can use either of following commands


ls -Z 
ls --lcontext


Examples:


[root@osboxes rc.d]# cd /etc/rc.d/

[root@osboxes rc.d]# ls -alt
total 76
drwxr-xr-x. 121 root root 12288 Aug 15 00:41 ..
drwxr-xr-x.   2 root root  4096 Aug  6 07:33 rc0.d
drwxr-xr-x.   2 root root  4096 Aug  6 07:33 rc1.d
drwxr-xr-x.   2 root root  4096 Aug  6 07:33 rc2.d
...

[root@osboxes rc.d]# ls -Z 
drwxr-xr-x. root root system_u:object_r:etc_t:s0       init.d
-rwxr-xr-x. root root system_u:object_r:initrc_exec_t:s0 rc
drwxr-xr-x. root root system_u:object_r:etc_t:s0       rc0.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0       rc1.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0       rc2.d
...

[root@osboxes rc.d]# ls --lcontext 
total 60
drwxr-xr-x. 2 system_u:object_r:etc_t:s0       root root  4096 Aug  6 07:33 init.d
-rwxr-xr-x. 1 system_u:object_r:initrc_exec_t:s0 root root  2617 May 11 20:32 rc
drwxr-xr-x. 2 system_u:object_r:etc_t:s0       root root  4096 Aug  6 07:33 rc0.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0       root root  4096 Aug  6 07:33 rc1.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0       root root  4096 Aug  6 07:33 rc2.d
...

Remove SELinux permissions from files

SELinux context remains associated with files regardless whether or not SELinux is enabled.

If you are like me and you find the trailing "dot" annoying in the permissions, the following command will remove the dots (remove the SELinux context).


sudo setfattr -h -x security.selinux

Examples:


sudo setfattr -h -x security.selinux /home

find /home -print0 |xargs -0 -n 1 sudo setfattr -h -x security.selinux

find /home -exec sudo setfattr -h -x security.selinux {} \;

Subscribe

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    switch
    default userpic

    Your reply will be screened

    Help
  • 0 comments