[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Disabling SELinux's runtime disable

Disabling SELinux's runtime disable

Posted Apr 20, 2023 15:16 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: Disabling SELinux's runtime disable by intelfx
Parent article: Disabling SELinux's runtime disable

No. You can change the enforcement decision at runtime, and change it back. In fact it's often worth going back into systems where somebody was confused and tried turning "off" SELinux to see if that would solve a problem they don't understand, so as to turn it back "on" again now that any problems have been actually fixed.

Like commented out code, disabled/ permissive SELinux settings in production servers are a bad smell. They say "I don't understand what I'm doing, I just tinker with things until they work and then I leave well alone and pray they keep working" which is presumably a fine way to be a cleric or a guru, but it's not engineering.

to post comments

Disabling SELinux's runtime disable

Posted Apr 20, 2023 15:45 UTC (Thu) by intelfx (subscriber, #130118) [Link]

> In fact it's often worth going back into systems where somebody was confused and tried turning "off" SELinux to see if that would solve a problem they don't understand, so as to turn it back "on" again now that any problems have been actually fixed.
>
> Like commented out code, disabled/ permissive SELinux settings in production servers are a bad smell. They say "I don't understand what I'm doing, I just tinker with things until they work and then I leave well alone and pray they keep working" which is presumably a fine way to be a cleric or a guru, but it's not engineering.

No contest here. I was just wondering if the enforcement setting and the runtime disable setting were one and the same.

Disabling SELinux's runtime disable

Posted Apr 20, 2023 18:12 UTC (Thu) by mattburgess (subscriber, #143223) [Link]

This is definitely QOTW material:

"I don't understand what I'm doing, I just tinker with things until they work and then I leave well alone and pray they keep working" which is presumably a fine way to be a cleric or a guru, but it's not engineering."


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds