Hi all,
I've set SELinux to disabled using the security and firewall
widget but I'm still getting a lot of messages in Logwatch....
NULL security context for user, but SELinux in permissive mode, continuing ()
So it looks like SELinux is still operating. Can anyone tell me how to
turn it off completely? It's my development
server under my desk so I reallly don't care about security.
thanks
2009/1/23 Kevin Thorpe <kevin at pricetrak.com>:> Hi all, > I've set SELinux to disabled using the security and firewall > widget but I'm still getting a lot of messages in Logwatch.... > > NULL security context for user, but SELinux in permissive mode, continuing () > > So it looks like SELinux is still operating. Can anyone tell me how to > turn it off completely? It's my development > server under my desk so I reallly don't care about security.system-config-securitylevel selinux -> desactivated, disable (or something like that) and you won't hear from selinux anymore. Laurent.
On Fri, 2009-01-23 at 12:30 +0000, Kevin Thorpe wrote:> Hi all, > I've set SELinux to disabled using the security and firewall > widget but I'm still getting a lot of messages in Logwatch.... > > NULL security context for user, but SELinux in permissive mode, continuing () > > So it looks like SELinux is still operating. Can anyone tell me how to > turn it off completely? It's my development > server under my desk so I reallly don't care about security.---- changing mode doesn't take effect until next restart Craig
Kevin Thorpe wrote on Fri, 23 Jan 2009 12:30:58 +0000:> but SELinux in permissive modeYou didn't disable it, you set it to permissive (= report, but don't do anything). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Kevin Thorpe wrote:> Hi all, > I've set SELinux to disabled using the security and firewall > widget but I'm still getting a lot of messages in Logwatch.... > > NULL security context for user, but SELinux in permissive mode, continuing () > > So it looks like SELinux is still operating. Can anyone tell me how to > turn it off completely? It's my development > server under my desk so I reallly don't care about security. > > thanksIt's on the Wiki: http://wiki.centos.org/HowTos/SELinux#head-430e52f7f8a7b41ad5fc42a2f95d3e495d13d348 Edit the SELINUX= line in /etc/selinux/config to 'disabled' (SELINUX=disabld) and reboot.
> So it looks like SELinux is still operating. Can anyone tell me how to > turn it off completely? It's my development > server under my desk so I reallly don't care about security.Add the text "selinux=0" without the quotes to the kernel line in your /etc/grub.conf and reboot.
Kevin Thorpe wrote:> Hi all, > I've set SELinux to disabled using the security and firewall > widget but I'm still getting a lot of messages in Logwatch.... > > NULL security context for user, but SELinux in permissive mode, continuing > () > > So it looks like SELinux is still operating. Can anyone tell me how to > turn it off completely? It's my development > server under my desk so I reallly don't care about security.I remove all of the selinux packages and disable it as well in packages I make sure are not installed via kickstart: CentOS 4.x libselinux libselinux-devel libsepol selinux-policy-targeted CentOS 5.x libselinux libselinux-devel libselinux-python libsemanage libsepol libsepol-devel selinux-policy selinux-policy-targeted on CentOS 4.x I also do this via kickstart: sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/sysconfig/selinux as using kickstart's internal stuff to disable selinux didn't seem to do the job. nate
setenforce 0 2009/1/23 Kevin Thorpe <kevin at pricetrak.com>> Hi all, > I've set SELinux to disabled using the security and firewall > widget but I'm still getting a lot of messages in Logwatch.... > > NULL security context for user, but SELinux in permissive mode, continuing > () > > So it looks like SELinux is still operating. Can anyone tell me how to > turn it off completely? It's my development > server under my desk so I reallly don't care about security. > > thanks > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- att. _ ?v? Thiago Avelino /(_)\ Programador | SysAdmin ^ ^ Celular: (11) 7660-2933 www.avelino.us | www.centos-br.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20090123/ce08cb0f/attachment-0003.html>
nate wrote:> Kevin Thorpe wrote: > packages I make sure are not installed via kickstart: > > CentOS 4.x > libselinux > libselinux-devel > libsepol > selinux-policy-targeted > > CentOS 5.x > libselinux > libselinux-devel > libselinux-python > libsemanage > libsepol > libsepol-devel > selinux-policy > selinux-policy-targetedAnd what does "rpm -q libselinux" say is installed on those systems? Hint: Well over half the packages in a typical installation, bring in libselinux as a direct or indirect dependency. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.
Hi, Probably not what you wanted to hear, but: On Fri, Jan 23, 2009 at 07:30, Kevin Thorpe <kevin at pricetrak.com> wrote:> It's my development server under my deskAnd how do you expect the things you develop to run under SELinux in production?> so I reallly don't care about security.Sounds bad. (Yes, I know it is out of context, but it is bad in any context.) If you develop for Linux, in particular for RHEL/CentOS 4 or 5, you should take the opportunity to learn more about SELinux and how to work with it. You can start here: http://wiki.centos.org/HowTos/SELinux This mailing list is also a great resource to answer any questions on problems related to SELinux. HTH, Filipe
Filipe Brandenburger wrote:> Hi, > > Probably not what you wanted to hear, but: > > On Fri, Jan 23, 2009 at 07:30, Kevin Thorpe <kevin at pricetrak.com> wrote: > >> It's my development server under my desk >> > > And how do you expect the things you develop to run under SELinux in production? > > >> so I reallly don't care about security. >> > > Sounds bad. (Yes, I know it is out of context, but it is bad in any context.) > > If you develop for Linux, in particular for RHEL/CentOS 4 or 5, you > should take the opportunity to learn more about SELinux and how to > work with it. > > You can start here: http://wiki.centos.org/HowTos/SELinux > >I totally agree but I haven't got time at the moment. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20090126/80f9b1bf/attachment-0003.html>