[SOLVED] remove selinux...

gorogoren · #1 4th May 2012, 12:54 AM

Don't want disable it...I wanna to remove it...it's possible?

tia!

#2 4th May 2012, 01:14 AM

Quote:

Originally Posted by gorogoren

Don't want disable it...I wanna to remove it...it's possible?

tia!

why do you wanna remove it? thats a bit like asking " i wanna remove my firewall." just disable it.

hadrons123 · #3 4th May 2012, 02:58 AM

If you want it, you got it.

Quote:

yum remove selinux*

there you go.

gorogoren · #4 4th May 2012, 03:23 AM

Thx homie!

jpollard · #5 4th May 2012, 04:12 AM

Note: the kernel still has SELinux in there. And unless you compile a custom kernel it always will.

#6 4th May 2012, 08:38 AM

Quote:

Originally Posted by hadrons123

If you want it, you got it.

there you go.

That doesn't remove all of it.

Code:

 rpm -qa *\selinux\*
libselinux-2.1.6-6.fc16.i686
libselinux-python-2.1.6-6.fc16.x86_64
selinux-policy-targeted-3.10.0-84.fc16.noarch
libselinux-2.1.6-6.fc16.x86_64
libselinux-devel-2.1.6-6.fc16.x86_64
libselinux-utils-2.1.6-6.fc16.x86_64
selinux-policy-3.10.0-84.fc16.noarch

jpollard · #7 4th May 2012, 03:02 PM

Of course, the real question is: Why remove it?

hadrons123 · #8 4th May 2012, 03:24 PM

@yellowman
I believe the OP wanted to remove the GUI alerts and annoyances that comes out of a default SElinux setup and my method would remove exactly that.

but as jpollard says you cannot remove all the libs unless you compile the kernel without SElinux.

but I am not sure how much it would affect the security of the kernel or the applications that depend on the SElinux API.

gorogoren · #9 4th May 2012, 05:14 PM

libselinux wants to remove almost the whole system!

hadrons123 · #10 4th May 2012, 05:32 PM

Quote:

Originally Posted by gorogoren

libselinux wants to remove almost the whole system!

I wouldn't go that far. Now I wonder why you want remove SElinux. Is there any advantage to be gained by removing SElinux?

gorogoren · #11 4th May 2012, 06:21 PM

maybe U can help me pal...

2 things: how to speed up boot time and some tips to tweak the system for performance...

jpollard · #12 4th May 2012, 07:56 PM

Quote:

Originally Posted by gorogoren

libselinux wants to remove almost the whole system!

That is because a lot of the system uses the library. Removing the library would cause those services to fail...

SELinux adds only a few milliseconds to the boot time, mostly just to load the designated policy.

hadrons123 · #13 4th May 2012, 08:38 PM

Quote:

Originally Posted by gorogoren

maybe U can help me pal...

2 things: how to speed up boot time and some tips to tweak the system for performance...

Remove all the unwanted services by running system-config-services in terminal. read the man pages . might help a bit.

Magickman · #14 6th May 2012, 04:03 AM

Just do what I do. Log in as root, got to /etc/selinux/config and change it from the default "Targeted" to "Permissive" and reboot.

JuhaniJaakola · #15 6th May 2012, 09:54 AM

I've been using Red Hat and Fedora for ages and I feel that I have never had anything but trouble from selinux. I have got false alarms, selinux broke ppp and updating the packages selinux-policy and selinux-policy-targeted slows updating my system to the latest packages. So this is what I did:

1. Change SELINUX=disabled in /etc/sysconfig/selinux

2. Execute yum erase selinux-policy selinux-policy-doc selinux-policy-devel selinux-policy-targeted

This frees 38 MB in Fedora 17 and makes "yum update" faster and saves you from false alarms. You can't remove libselinux because of the dependencies, but it is not necessary to get rid of the worst problems of selinux.

I strongly suggest that selinux should be disabled by default in Fedora.

---------- Post added at 11:54 AM ---------- Previous post was at 10:07 AM ----------

In fact file /etc/sysconfig/selinux belongs to package selinux-policy. So if you remove selinux-policy it will be gone, and there is no use in changing it. Just ignore step 1 and execute step 2 in my post above.

Boot after step 2 and check that selinux is disabled. You should see this:

$ dmesg | grep -i selinux
[ 0.001224] SELinux: Initializing.
[ 0.001278] SELinux: Starting in permissive mode
[ 0.493303] SELinux: Registering netfilter hooks
[ 3.143814] SELinux: Disabled at runtime.
[ 3.143916] SELinux: Unregistering netfilter hooks
[ 3.190100] type=1404 audit(1336290660.693:2): selinux=0 auid=4294967295 ses=4294967295

The key line is "Disabled at runtime".

Another check is this:

$ if selinuxenabled; then echo enabled; else echo disabled; fi
disabled

It uses command selinuxenabled, which is in package libselinux-utils. This package is harmless and does not have to be erased.

Yet another update on file /etc/sysconfig/selinux: File /etc/sysconfig/selinux belongs to package selinux-policy, so it disappears when your remove that package. But /etc/sysconfig/selinux is just a symlink to file /etc/selinux/config - so make sure that it contains line "SELINUX=disabled". By the way, file /etc/selinux/config does not belong to any package after you remove selinux-policy! So you should edit /etc/selinux/config first and then remove the packages.