Re: SElinux Removal?

On Thu, 2006-04-13 at 17:52 +0100, idonttrustmspassport@xxxxxxxxxxxxxxxx
wrote:
> Is it possible to remove SELinux completely during FC5 installation, or
> even when installed?

Disable, yes.  Remove, no.

> So far problems during YUM updates (It gives errors while installing
> policies then freezes Yum) have destroyed my system twice. 
> (In both cases the system refuses to boot with an error "not syncing:
> Attempting to kill init!".

Hmm..well, more details would be interesting as that should obviously not
be happening and hasn't been reported elsewhere AFAIK.  bugzilla even.

> Passing a parm of selinux=disabled to the kernel allowed a boot, but all my
> attempts to make this permanent then fail and I end up reinstalling and
> reconfiguring.

selinux=0 on the kernel line in grub.conf or SELINUX=disabled
in /etc/selinux/config should do the trick.

> I admit to being a newbie, I only started 10 years ago, *never* had
> anything so good at locking down my PC, it seems to be a first class option
> for DRM.. 

Um, no.  MAC != DRM.

> So, can I get rid of it completely, 
> 1) I tried uninstalling everything with SELinux in the name, interesting
> effect try it one day when you have some time... 

Not feasible, as the SELinux kernel "module" is built into the kernel,
and libselinux is a dependency for /sbin/init, coreutils, and other
critical components.  You can't remove the code without rebuilding
everything, but you can disable its execution.

> 2) Tried the gui tool, (as a minimum I thought I'd turn it to the lowest
> level) it brings up a command prompt which freezes...
> 3) Tried editing the files to disable it at reboot, fails with "file is
> read only", chmod failed with "file is read only", chmod of the directory
> failed with "read only"..

Sounds like the filesystem is mounted read-only, not SELinux-related at
all.  mount -o rw,remount /?  If you booted with selinux=0, then SELinux
is disabled.

> Is there any chance that, as a minimum it could give an error message like
> "SELinux configuration is corrupt, boot halted" as it took me a loooooong
> time to figure out what was wrong...

Hmmm.../sbin/init does contain a log call to output 'Unable to load
SELinux Policy.  Machine is in enforcing mode.  Halting now.' Don't know
if there is a problem that is preventing that from being displayed
properly.

>  And is there a documented process to
> handle a situation where the configuration is corrupted (accidentally or
> during an update) and the whole system is locked?

Boot with enforcing=0 is usually sufficient, or selinux=0 if that
doesn't work.

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
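
Added example, not part of the original message: a shell check that works out which of the settings named in the reply (selinux=0 or enforcing=0 on the kernel line, SELINUX= in /etc/selinux/config) decides the mode for a given boot. The function names and the precedence model (kernel line over config file) are this example's assumptions, and only the value 0 is treated as disabling for selinux=.

```shell
#!/bin/sh
# Added example: resolve the SELinux mode from a kernel command line string
# and a file in /etc/selinux/config format. Function names are hypothetical.

# Print the value of the last "key=value" word on a kernel command line.
# The body runs in a subshell so "set -f" (no globbing) does not leak out.
cmdline_param() (   # $1 = key, $2 = command line
    set -f
    val=""
    for word in $2; do
        case "$word" in
            "$1"=*) val="${word#*=}" ;;
        esac
    done
    printf '%s' "$val"
)

# Print the SELINUX= setting from a config file, lowercased; empty if absent.
# Comment lines and SELINUXTYPE= do not match the anchored pattern.
config_mode() {     # $1 = path to config file
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Assumed precedence: selinux=0, then SELINUX=disabled, then enforcing=,
# then the mode in the config file.
effective_mode() {  # $1 = command line, $2 = path to config file
    sel=$(cmdline_param selinux "$1")
    enf=$(cmdline_param enforcing "$1")
    cfg=$(config_mode "$2")
    if [ "$sel" = "0" ]; then echo "disabled (selinux=0 on kernel line)"; return; fi
    if [ "$cfg" = "disabled" ]; then echo "disabled (SELINUX=disabled in config)"; return; fi
    case "$enf" in
        0) echo "permissive (enforcing=0 on kernel line)"; return ;;
        1) echo "enforcing (enforcing=1 on kernel line)"; return ;;
    esac
    case "$cfg" in
        enforcing|permissive) echo "$cfg (config)" ;;
        *) echo "unknown (no usable SELINUX= line in config)" ;;
    esac
}

# Check the running system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    effective_mode "$(cat /proc/cmdline)" /etc/selinux/config
fi
```

On a machine left booting with enforcing=0 or selinux=0 after a recovery, the output names the setting to revert once the policy problem is fixed.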
