Disabling SELinux
Check/Verify the SELinux current status
Run the following command:
sestatus
Example:
[root@osboxes]# sestatus
SELinux status: enabled
Disable SELinux on the server
sed -i "/SELINUX/ s/enforcing/disabled/" /etc/selinux/config
reboot
Confirm SELinux is disabled
[root@osboxes]# sestatus
SELinux status: disabled
View SELinux permissions
SELinux context remains associated with files regardless whether or not SELinux is enabled.
If you want to see the actual SELinux context associated with the files you can use either of following commands
ls -Z
ls --lcontext
Examples:
[root@osboxes rc.d]# cd /etc/rc.d/
[root@osboxes rc.d]# ls -alt
total 76
drwxr-xr-x. 121 root root 12288 Aug 15 00:41 ..
drwxr-xr-x. 2 root root 4096 Aug 6 07:33 rc0.d
drwxr-xr-x. 2 root root 4096 Aug 6 07:33 rc1.d
drwxr-xr-x. 2 root root 4096 Aug 6 07:33 rc2.d
...
[root@osboxes rc.d]# ls -Z
drwxr-xr-x. root root system_u:object_r:etc_t:s0 init.d
-rwxr-xr-x. root root system_u:object_r:initrc_exec_t:s0 rc
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc0.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc1.d
drwxr-xr-x. root root system_u:object_r:etc_t:s0 rc2.d
...
[root@osboxes rc.d]# ls --lcontext
total 60
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Aug 6 07:33 init.d
-rwxr-xr-x. 1 system_u:object_r:initrc_exec_t:s0 root root 2617 May 11 20:32 rc
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Aug 6 07:33 rc0.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Aug 6 07:33 rc1.d
drwxr-xr-x. 2 system_u:object_r:etc_t:s0 root root 4096 Aug 6 07:33 rc2.d
...
Remove SELinux permissions from files
SELinux context remains associated with files regardless whether or not SELinux is enabled.
If you are like me and you find the trailing "dot" annoying in the permissions, the following command will remove the dots (remove the SELinux context).
sudo setfattr -h -x security.selinux
Examples:
sudo setfattr -h -x security.selinux /home
find /home -print0 |xargs -0 -n 1 sudo setfattr -h -x security.selinux
find /home -exec sudo setfattr -h -x security.selinux {} \;