Fortinet black logo

KVM Administration Guide

Home FortiGate Private Cloud 7.0.0 KVM Administration Guide
7.0.0
7.4.0
7.2.0
7.0.0
6.4.0

SELinux

SELinux

SELinux is already disabled in the kernel command line, thanks to GRUB. Therefore, the /etc/sysconfig/selinux settings are ignored. The following changes reinforce this and are considered good practice.

If you must have SELinux enabled as part of your build standard, you can enable it. However, this may impact overall performance.

[root@rhel-tiger-14-6 ~]# sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config

[root@rhel-tiger-14-6 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
  • SELINUX=disabled: disable SELinux.

You can check SELinux status using one of the following commands:

[root@rhel-tiger-14-6 ~]# sestatus
SELinux status:                 disabled
[root@rhel-tiger-14-6 ~]# getenforce
Disabled
Previous
Next

SELinux

SELinux is already disabled in the kernel command line, thanks to GRUB. Therefore, the /etc/sysconfig/selinux settings are ignored. The following changes reinforce this and are considered good practice.

If you must have SELinux enabled as part of your build standard, you can enable it. However, this may impact overall performance.

[root@rhel-tiger-14-6 ~]# sed -i s/^SELINUX=.*$/SELINUX=disabled/ /etc/selinux/config

[root@rhel-tiger-14-6 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
  • SELINUX=disabled: disable SELinux.

You can check SELinux status using one of the following commands:

[root@rhel-tiger-14-6 ~]# sestatus
SELinux status:                 disabled
[root@rhel-tiger-14-6 ~]# getenforce
Disabled
Previous
Next