Chinaunix首页 | 论坛 | 博客
  • 博客访问: 978365
  • 博文数量: 184
  • 博客积分: 10030
  • 博客等级: 上将
  • 技术积分: 1532
  • 用 户 组: 普通用户
  • 注册时间: 2005-12-27 18:32
文章分类

全部博文(184)

文章存档

2009年(1)

2008年(63)

2007年(39)

2006年(79)

2005年(2)

我的朋友

分类: LINUX

2008-05-28 08:40:47

Q. How do I disable SELinux enforcement?

A. Security-Enhanced Linux (SELinux) is security patch applied to Linux kernel. When enabled in the kernel it follows the the principle of least privilege. It is an implementation of mandatory access control using Linux Security Modules (LSM).

From Wikipeidia :
Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals.

But how do I turn it off or disable SELinux enforcement?

Selinux can be disabled by passing kernel boot parameters. You need to open grub.conf (menu.lst) or lilo.conf and append selinux=0:

For example here is my sample grub.conf file:
title Debian GNU/Linux, kernel 2.6.13-web100 Default
root (hd0,0)
kernel /boot/vmlinuz-2.6.13-web100 root=/dev/hdb1 ro selinux=0
initrd /boot/initrd.img-2.6.13-web100
savedefault
boot

Save file and reboot Linux system. Another option is use command

See also:

阅读(1822) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~