Chapter 5. Controlling and Maintaining SELinux
warning: /etc/selinux/targeted/policy/policy.18 created as \
   /etc/selinux/targeted/policy/policy.18.rpmnew
   2:selinux-policy-targeted########################## [100%]

mv /etc/selinux/targeted/policy/policy.18.rpmnew \
   /etc/selinux/targeted/policy/policy.18
Otherwise, install the new policy source and load a new policy.
This situation occurs as a protection against an updated policy package overwriting a custom binary
policy. Future policy packages will address this challenge further.
If you want to deploy a custom binary policy, read Section 8.4 Deploying Customized Binary Policy.
5.2.6. Backup and Restore the System
Refer to the explanation in Section 5.1.4 Make Backups or Archives That Retain Security Contexts.
5.2.7. Enable or Disable Enforcement
You can enable and disable SELinux enforcement at runtime or configure it for system boot, using the
command line or GUI. SELinux has three modes: disabled, meaning not enabled
in the kernel; permissive, meaning SELinux is running and logging but not controlling permissions;
and enforcing, meaning SELinux is running and enforcing policy.
To toggle enforcement during runtime, use the setenforce [ 0 | 1 ] command. The 0 option
turns enforcement off, the 1 option turns it on.
# sestatus informs you of the two permission mode statuses,
# the current mode in runtime and the mode from the config
# file referenced during boot:
sestatus | grep -i mode
Current mode:           permissive
Mode from config file:  permissive

# Changing the runtime enforcement doesn't affect the
# boot time configuration:
setenforce 1
sestatus | grep -i mode
Current mode:           enforcing
Mode from config file:  permissive
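
The gap between the runtime mode and the boot-time configuration shown above can be checked mechanically. The following is an added example, not part of the original guide: it classifies sestatus output read from stdin, and the function names, verdict strings and sample text are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify SELinux mode drift from `sestatus` text on stdin.

# Print the lower-cased value of the "Label: value" line named in $1.
sestatus_field() {
    awk -F: -v want="$1" '
        tolower($1) == tolower(want) {
            v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print tolower(v)
            exit
        }'
}

# Verdict on stdout; exit status 0 only when runtime and boot config both enforce.
selinux_mode_audit() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$out" | sestatus_field "Current mode")
    config=$(printf '%s\n' "$out" | sestatus_field "Mode from config file")

    if [ "$status" = disabled ]; then
        echo "disabled"; return 1            # no mode lines are printed at all
    elif [ -z "$current" ] || [ -z "$config" ]; then
        echo "unparsed"; return 2            # unexpected output: fail closed
    elif [ "$current" = enforcing ] && [ "$config" = enforcing ]; then
        echo "ok"; return 0
    elif [ "$current" = enforcing ]; then
        echo "reverts-at-boot"; return 1     # setenforce 1 used, config file is weaker
    elif [ "$config" = enforcing ]; then
        echo "runtime-weakened"; return 1    # setenforce 0 used since boot
    else
        echo "not-enforcing"; return 1
    fi
}

# Constructed sample: the state shown above after `setenforce 1`.
SAMPLE='SELinux status:         enabled
Current mode:           enforcing
Mode from config file:  permissive'

verdict=$(printf '%s\n' "$SAMPLE" | selinux_mode_audit) || true
echo "sample verdict: $verdict"
# On a live host: sestatus | selinux_mode_audit
```
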
However, you may be looking for something more subtle. For example, if you are having trouble with
named and SELinux, you can turn off enforcing for just that daemon:
# This gets the current status of the Boolean:
getsebool named_disable_trans
named_disable_trans --> inactive

# This sets the runtime value only.  To flush the pending
# value to disk use the -P option.
setsebool named_disable_trans 1
getsebool named_disable_trans
named_disable_trans --> active





