50.2.7. Enable or Disable SELinux
Important
Changes you make to files while SELinux is disabled may give them an unexpected security label, and new files will not have a label. You may need to relabel part or all of the file system after re-enabling SELinux.
From the command line, you can edit the
/etc/sysconfig/selinux file. This file is a symlink to /etc/selinux/config. The configuration file is self-explanatory. Changing the value of SELINUX or SELINUXTYPE changes the state of SELinux and the name of the policy to be used the next time the system boots.
~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0Changing the Mode of SELinux Using the GUI
Use the following procedure to change the mode of SELinux using the GUI.
Note
You need administrator privileges to perform this procedure.
- On the menu, point to and then click to display the Security Level Configuration dialog box.
- Click the SELinux tab.
- In the SELinux Setting select either
Disabled,EnforcingorPermissive, and then click . - If you changed from
EnabledtoDisabledor vice versa, you need to restart the machine for the change to take effect.
Changes made using this dialog box are immediately reflected in
/etc/sysconfig/selinux.
