How to Deactivate or Configure SELinux
search cancel

How to Deactivate or Configure SELinux

book

Article ID: 379986

calendar_today

Updated On:

Products

VMware Tanzu Greenplum

Issue/Introduction

Deactivate or Configure SELinux

If you choose to disable SELinux the following steps can be taken:

  1. As the root user, check the status of SELinux:

# sestatus
SELinuxstatus: disabled

      2. If SELinux is not deactivated, deactivate it by editing the /etc/selinux/config file. As root, change the value of the SELINUX parameter in the config file as follows:

SELINUX=disabled

     3. If the System Security Services Daemon (SSSD) is installed on your systems, edit the SSSD configuration file and set the selinux_provider parameter to none to prevent SELinux-related SSH authentication denials that could occur even with SELinux deactivated. As root, edit /etc/sssd/sssd.conf and add this parameter:

selinux_provider=none

     4. Reboot the system to apply any changes that you made and verify that SELinux is deactivated.

If you choose to enable SELinux, the default configuration of SELinux is certified. The default SELinux mode is Enforcing mode.  If you choose to customize SElinux beyond the defaults, you must test your configuration to ensure that there are no functionality or performance impacts to Greenplum Database.  SELinux default settings appear like this:

 

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.

SELINUX=enforcing

# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.

SELINUXTYPE=targeted

Resolution

If you choose to enable SELinux, the default configuration of SELinux is certified. The default SELinux mode is Enforcing mode.  If you choose to customize SElinux beyond the defaults, you must test your configuration to ensure that there are no functionality or performance impacts to Greenplum Database.  SELinux default settings appear like this: