This post describes what SELinux is and how you can disable it on Fedora 26 if you need to.<\/p>\n
<\/p>\n
SELinux stands for Security Enhanced Linux and it is an additional layer of security on your computer.<\/p>\n
At a basic level, it runs in the kernel and acts to determine what programs are allowed to access on the computer. For example a webserver may be set up so that it is only allowed to access port 80 by default. This then provides security as programs that are not typically meant to be accessing specific ports\/programs\/files are forbidden from doing so.<\/p>\n
SELinux provides a large number of defaults for programs, ports and files to prevent this unauthorized access. These defaults are configured by the operating system and are a set of rules which can be turned on and off. In some cases these rules may need to be configured to allow a program to run unhindered by a SELinux policy.<\/p>\n
Since the defaults will work for the majority of users they will typically not need to be changed. On a desktop computer these checks should not impact the performance.<\/p>\n
To see if SELinux is running you can use the Here I have run it on my Fedora 26 installation and it is reporting that it is enabled and therefore active.<\/p>\n If you are setting up a new service or program SELinux might limit its access to something it needs. If this is the case SELinux may need to be tweaked to allow your program to run.<\/p>\n Typical error messages may be that the program cannot access files it needs. This might occur if SELinux has forbidden access to the files your program is trying to access.<\/p>\n If SELinux has blocked access to a program it will be noted in either An example of a block message taken from the SELinux Fedora FAQ’s is:<\/p>\n Here npviewer.bin has been blocked by SELinux. From here you can go and search for the issue and find a solution, unblocking it if necessary.<\/p>\n If you are really sure that you want to turn off SELinux completely this can be done as described below.<\/p>\n Please note that, in almost all cases, it is better to find out what rule is preventing what you are trying to do from working. Once this has been found you can disable the rules that are causing the issue. This is a better idea than disabling SELinux completely. This is because the SELinux rules that you have not disabled would still be\u00a0protecting you.<\/p>\n The SELinux config file is located in Once this is done the system needs a full reboot to\u00a0apply the setting. This is because\u00a0it is a kernel level option and the kernel must be fully restarted.<\/p>\n Once this has been done SELinux has been fully disabled on the system. I can now see this by running Now I can see that SELinux has been fully disabled on the system.<\/p>\n","protected":false},"excerpt":{"rendered":" This post describes what SELinux is and how you can disable it on Fedora 26 if you need to.<\/p>\n","protected":false},"author":1,"featured_media":872,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5],"tags":[41,190,195,194],"class_list":["post-869","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-informational","tag-fedora","tag-fedora-26","tag-security-enhanced-linux","tag-selinux"],"wppr_data":{"cwp_meta_box_check":"No"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/disable_selinux_fedora_26.jpg?fit=800%2C800&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p2toWX-e1","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":1360,"url":"https:\/\/chewett.co.uk\/blog\/1360\/unblocking-kibana-port-5601-on-fedora\/","url_meta":{"origin":869,"position":0},"title":"Unblocking Kibana port 5601 on Fedora","author":"Chewett","date":"July 21, 2018","format":false,"excerpt":"This post describes how you can unblock port 5601 to allow Kibana traffic through in the Fedora firewall. Unblocking port 5601 so traffic can get through to Kibana By default Fedora 28 has a firewall which blocks traffic reaching port 5601. This stops you being able to access Kibana on\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/allowing_port_5601_kibana_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/allowing_port_5601_kibana_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/allowing_port_5601_kibana_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/07\/allowing_port_5601_kibana_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2426,"url":"https:\/\/chewett.co.uk\/blog\/2426\/unblocking-minecraft-server-port-25565-on-fedora\/","url_meta":{"origin":869,"position":1},"title":"Unblocking Minecraft Server port 25565 on Fedora","author":"Chewett","date":"March 20, 2020","format":false,"excerpt":"This post describes how you can unblock port 25565 to allow Minecraft Server traffic through in the Fedora firewall. Unblocking port 25565 so traffic can get through to Minecraft Server By default Fedora has a firewall which blocks traffic reaching port 25565. This stops you from being able to access\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2020\/03\/unblocking_minecraft_port25565_posticon.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":813,"url":"https:\/\/chewett.co.uk\/blog\/813\/setting-up-a-samba-share-on-fedora-26\/","url_meta":{"origin":869,"position":2},"title":"Setting up a Samba share on Fedora 26","author":"Chewett","date":"January 12, 2019","format":false,"excerpt":"This post goes through the process of setting up a Windows Samba share on Fedora 26. This will let me access folders on the Fedora machine using windows explorer. Installing the necessary\u00a0programs To set up samba on Fedora we need to install some programs first. These are samba and samba-client.\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/12\/setting_up_samba_fc26-1.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/12\/setting_up_samba_fc26-1.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/12\/setting_up_samba_fc26-1.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/12\/setting_up_samba_fc26-1.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":122,"url":"https:\/\/chewett.co.uk\/blog\/122\/using-nvidia-optimus-on-fedora\/","url_meta":{"origin":869,"position":3},"title":"Using Nvidia Optimus on Fedora","author":"Chewett","date":"March 6, 2013","format":false,"excerpt":"If your computer is recent and has an i3\/i5\/i7 intel core and a Nvidia graphics card it likely uses Optimus technology. This smart piece of software turns off the power-hungry Nvidia graphics card and runs most programs on the integrated intel graphics chip. In laptops this can save a lot\u2026","rel":"","context":"In "Fixes"","block_context":{"text":"Fixes","link":"https:\/\/chewett.co.uk\/blog\/category\/fixes\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":183,"url":"https:\/\/chewett.co.uk\/blog\/183\/install-virtualbox-guest-additions-fedora-21-xfce\/","url_meta":{"origin":869,"position":4},"title":"Install Virtualbox guest additions on Fedora 21 XFCE","author":"Chewett","date":"February 8, 2015","format":false,"excerpt":"Installing via the normal route didn't work and meant I couldn't easily resize the screen. Doing the below allowed me to use the resize easily. Install rpmfusion on fedora run `sudo yum install\u00a0akmod-VirtualBox\u00a0VirtualBox-guest` run `cd\u00a0\/usr\/src\/akmods` run `sudo rpm -ivh VirtualBox-*.rpm` Once this was installed, rebooting will give you access to\u2026","rel":"","context":"In "Fixes"","block_context":{"text":"Fixes","link":"https:\/\/chewett.co.uk\/blog\/category\/fixes\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1162,"url":"https:\/\/chewett.co.uk\/blog\/1162\/unblocking-etherpad-port-9001-on-fedora\/","url_meta":{"origin":869,"position":5},"title":"Unblocking Etherpad port 9001 on Fedora","author":"Chewett","date":"May 9, 2018","format":false,"excerpt":"This post describes how you can unblock port 9001 to allow Etherpad traffic through in the Fedora firewall. Unblocking port 9001 so traffic can get through to Etherpad By default Fedora 27 has a firewall which blocks traffic reaching port 9001. This stops you being able to access Etherpad on\u2026","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/chewett.co.uk\/blog\/category\/software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/05\/allowing_port_9001_etherpad_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/05\/allowing_port_9001_etherpad_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/05\/allowing_port_9001_etherpad_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/05\/allowing_port_9001_etherpad_through_firewall_fedora.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=869"}],"version-history":[{"count":4,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/869\/revisions"}],"predecessor-version":[{"id":875,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/869\/revisions\/875"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media\/872"}],"wp:attachment":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}sestatus<\/code> command<\/p>\n[chewett@endor-fedora26-vm ~]$ sestatus\r\nSELinux status: enabled<\/strong>\r\nSELinuxfs mount: \/sys\/fs\/selinux\r\nSELinux root directory: \/etc\/selinux\r\nLoaded policy name: targeted\r\nCurrent mode: enforcing\r\nMode from config file: enforcing\r\nPolicy MLS status: enabled\r\nPolicy deny_unknown status: allowed\r\nMax kernel policy version: 31<\/pre>\n
Why would I want to disable it?<\/h2>\n
\/var\/log\/audit\/audit.log<\/code> or \/var\/log\/messages<\/code>. These block lines will include the string avc: denied<\/code>.<\/p>\ntype=AVC msg=audit(1214965667.121:635): avc: denied { unix_read unix_write } for pid=15524 comm=\"npviewer.bin\" \r\nkey=59918130 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 \r\ntcontext=unconfined_u:unconfined_r:unconfined_t:s0-s<\/pre>\nHow to Disable SELinux on Fedora 26<\/h2>\n
\/etc\/selinux\/config<\/code> and to disable it the SELINUX<\/code> config setting needs to be set to disabled<\/code>.<\/p>\nSELINUX=disabled<\/pre>\n
sestatus<\/code> again.<\/p>\n[chewett@endor-fedora26-vm ~]$ sestatus\r\nSELinux status: disabled<\/pre>\n