Disable SeLinux permanently

centos6selinux

I am running a virtualbox CentOS 6.4 (64 bit) server with Cobbler service. One of the steps is to disable SeLinux in order to prevent a python error when running service cobblers start. If I run setenforce 0 everything is fine, but I have to run that command every time the server restarts. I tried changing /etc/sysconfig/selinux to SELINUX=disabled and also SELINUX=permissive before restarting, but sestatus keeps showing that centOS starts with selinux running. Do I need to change a different config file, or have I configured the selinux file incorrectly?

Youtube video showing selinux config file, rebooting and then checking status

Best Answer

you need to set it in /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

The correct location to pass selinux=0 as kernel boot paramater is in /etc/grub.conf

kernel /boot/vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=/dev/xvda1 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto console=tty0 selinux=0

PS SELinux should be only set to permissive to debug a problem, run it in permissive see what gets logged to /var/log/audit.log fix the denials then switch it back to enforcing do not run it in permissive or disabled long term.

Related Topic