Disabling SELinux
Perhaps a weird chapter to begin with, but disabling SELinux is a commonly requested activity. Some vendors do not support their application to be running on a platform that has SELinux enabled. Luckily, this number is reducing.
SELinux supports three major states that it can be in: disabled, permissive, and enforcing. These states are by default set in the /etc/selinux/config file, through the SELINUX variable as follows:
$ grep ^SELINUX= /etc/selinux/config SELINUX=enforcing
When the system init triggers loading the SELinux policy, the code checks the state that the administrator has configured. The states are described as follows:
If the state is
disabled, then the SELinux code disables further support, making the system boot without activating SELinux.If the state is
permissive, then SELinux is active but will not enforce its policy on the system. Instead, any violations against the policy will be reported but remain allowed.If the state is
enforcing, then SELinux is...
