50.2.7. Enable or Disable SELinux
Changes you make to files while SELinux is disabled may give them an unexpected security label, and new files will not have a label. You may need to relabel part or all of the file system after re-enabling SELinux.
From the command line, you can edit the
/etc/sysconfig/selinuxfile. This file is a symlink to
/etc/selinux/config. The configuration file is self-explanatory. Changing the value of
SELINUXTYPEchanges the state of SELinux and the name of the policy to be used the next time the system boots.
cat /etc/sysconfig/selinux# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=permissive # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted # SETLOCALDEFS= Check local definition changes SETLOCALDEFS=0
Changing the Mode of SELinux Using the GUI
Use the following procedure to change the mode of SELinux using the GUI.
You need administrator privileges to perform this procedure.
- On the System menu, point to Administration and then click Security Level and Firewall to display the Security Level Configuration dialog box.
- Click the SELinux tab.
- In the SELinux Setting select either
Permissive, and then click OK.
- If you changed from
Disabledor vice versa, you need to restart the machine for the change to take effect.
Changes made using this dialog box are immediately reflected in