On Sat, Mar 14, 2009 at 3:52 PM, Russell Coker <russell@xxxxxxxxxxxx> wrote: > On Sun, 15 Mar 2009, Justin Mattock <justinmattock@xxxxxxxxx> wrote: >> I would just use selinux=0 enforcing=0 >> as a boot param(but If the system doesn't boot >> because of selinux=0) then enforcing=0 as a boot. > > I am not aware of any situation where "selinux=0" will make a machine fail to > boot. I've noticed this a while back as to where selinux=0 gave me an unable to mount root error(I'll have to see if this still happens). It might also be caused by having selinux=0 enforcing=0 as a boot param and having /etc/selinux/config(set in enforcing mode) but I'll have to look and see when I get a chance. > > Anyway the request was for a way to "temporarily disable SELinux", in that > case "selinux=0" is a bad idea as that will result in files without labels. > So "enforcing=0" is a much better option. agree > >> but then you still might receive a permissions denied >> due to /etc/selinux/config saying "enforcing" > > If there is a program that uses /etc/selinux/config without regard > to /selinux/whatever then it's probably buggy. Please file a bug report if > you discover such a program. I meant the option in /etc/selinux/config SELINUX=enforcing and/or permissive > >> (if this is the case then load a livecd mount the hard drive, >> and use vim to edit /etc/selinux/config, and /boot/grub/* to >> set everything in permissive. > > That's really not necessary. no its not, but sometimes I found myself in a situation as to using this approach helps out(that is depending how or what I did to the system to make it unbootable). > > -- > russell@xxxxxxxxxxxx > http://etbe.coker.com.au/ My Main Blog > http://doc.coker.com.au/ My Documents Blog > regards; -- Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
