On Fri, Nov 9, 2018 at 2:36 AM Ed Greshko <ed.gres...@greshko.com> wrote: > > >>> In my experience, no, permissive mode does not disable all of SELinux's > >>> blocks, and _especially_ stuff having to to with networking (including > >>> pipes). It's always bothered me. > >> Interesting. I've not run into this problem > >> > >> Well, doing "selinux=0" on the kernel parameters at reboot will then > >> totally disable > >> selinux to test. > > I did reboot with > > > > selinux=0 > > > > but > > > > # sestatus > > SELinux status: enabled > > SELinuxfs mount: /sys/fs/selinux > > SELinux root directory: /etc/selinux > > Loaded policy name: targeted > > Current mode: enforcing > > Mode from config file: enforcing > > Policy MLS status: enabled > > Policy deny_unknown status: allowed > > Memory protection checking: actual (secure) > > Max kernel policy version: 31 > > # > > > > A mystery! > > Really? > > What does "cat /proc/cmdline" show? > > It should be similar to... > > [root@f29b-xfce grub2]# cat /proc/cmdline > BOOT_IMAGE=/vmlinuz-4.18.12-300.fc29.x86_64 > root=/dev/mapper/fedora_f29b--xfce-root ro > resume=/dev/mapper/fedora_f29b--xfce-swap rd.lvm.lv=fedora_f29b-xfce/root > rd.lvm.lv=fedora_f29b-xfce/swap rhgb quiet LANG=en_US.UTF-8 selinux=0 > > [root@f29b-xfce grub2]# sestatus > SELinux status: disabled >
Thanks, Ed. I may have done something wrong. Anyway, I end up following a different path: Using the Selinux config file, as detailed at: https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html Paul _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
