If you choose to disable SELinux the following steps can be taken:
# sestatus
SELinuxstatus: disabled
2. If SELinux is not deactivated, deactivate it by editing the /etc/selinux/config file. As root, change the value of the SELINUX parameter in the config file as follows:
SELINUX=disabled
3. If the System Security Services Daemon (SSSD) is installed on your systems, edit the SSSD configuration file and set the selinux_provider parameter to none to prevent SELinux-related SSH authentication denials that could occur even with SELinux deactivated. As root, edit /etc/sssd/sssd.conf and add this parameter:
selinux_provider=none
4. Reboot the system to apply any changes that you made and verify that SELinux is deactivated.
If you choose to enable SELinux, the default configuration of SELinux is certified. The default SELinux mode is Enforcing mode. If you choose to customize SElinux beyond the defaults, you must test your configuration to ensure that there are no functionality or performance impacts to Greenplum Database. SELinux default settings appear like this:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
If you choose to enable SELinux, the default configuration of SELinux is certified. The default SELinux mode is Enforcing mode. If you choose to customize SElinux beyond the defaults, you must test your configuration to ensure that there are no functionality or performance impacts to Greenplum Database. SELinux default settings appear like this: