How To Check SELinux Status (NO GUI)
 

Is it possible to run a command on the CLI to check the status of SELinux w/o having to run "system-config-securitylevel"?

cat /etc/sysconfig/selinux

Thanks!

I also found the command

That is also very simple.

Thank you!

You can also change the policy live like this:

setenforce 0 'to disable
setenforce 1 'to enable

Very practical on a production server when you can't edit /etc/selinux/config and reboot the machine.

Cheers,

But I thought it would still require a reboot to take effect, no?

No, setenforce is only valid up until the next boot (ie once you reboot the status will revert to system settings)

Here is the way to disable selinux:

1-Edit /etc/selinux/config and set the SELINUX variable to 'disabled'
2-Use the setenforce command to disable on-the-fly

With solution 1, your changes are permanent but only effective if you reboot the machine.

With solution 2, your changes are NOT permanent but effective immediately.

Hope this clears it up :-).

opinion
 

Ondough my opinion is selinux in grub is disabled by setting enforcing 0

my thinking say's to me it is Verry important,
for to no sure reasons to set

afther i done this

selinux takes a "long" time to relable the whole system

whit a cup of coffee 8)

using the same filetype

To quickly check if SELinux is running use the following command.

well it is such a hell to get vmware working again that i considert disabeling selinux fully


getenforce
Disabled

but relabeling is not an option on the disable option???
???
???

reboot is not relabeling!?

i say to myself this is a forced way to MUST use SELinux

remove selinux
or you try yum remove akonadi or selinux?

it try's to remove half the system!??

and what is national rational doing internationaly?

*** DO NOT UNINSTALL ANY SELINUX PACKAGES ***

Why would you want to disable or remove SELinux in the first place? It's put on the systems for a reason - to protect your data. I would first recommend simply learning the basics and keep your boxes running in "enforcing mode". If you absolutely *MUST* disable SELinux you can do so like this.


The SELinux config file is here: First you must edit the SELinux config file and change the "SELINUX=enforcing" to:
Reboot

* Please note *

You don't have to relabel the OS once you disable SELinux and reboot. The system would automatically have to relabel the FS if you were to turn SELinux back on and reboot. Albeit if you *MUST* relabel the entire FS, I suggest using the trick similar to "forcefsck".

Run this command and reboot:

Ok yankyou

Remember that posting exact error messages usually gets you more precise answers.

Type: