Does anyone know how to disable selinux?

I had selinux installed on this system a long time ago. Recently I
believe apparmor was active (and therefore selinux not active). Today I
upgraded to Debian 12.

apparmor was preventing named (bind9) from running; whatever I did, it
was denying read to a file (/usr/share/dns/root.hints). So I disabled
apparmor by setting apparmor=0 on the boot command line.

Now it seems that selinux is active again, and even when I try to set
selinux=0 to disable it, it is still running and spamming the logs with
messages like

    logrotate.service: Failed to read SELinux context of
    '/lib/systemd/system/logrotate.service', ignoring: Operation not permitted

How should I disable selinux? I followed the suggestion in the man page
(man selinux: To properly disable SELinux, it is recommended to use the
selinux=0 kernel boot option). This does not seem to work.

Any help greatly appreciated.

Thanks,
Alex

# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

# cat /proc/version
Linux version 6.1.0-13-686-pae (debian-ker...@lists.debian.org) (gcc-12
(Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP
PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29)

# cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-6.1.0-13-686-pae root=/dev/mapper/main-root ro
quiet apparmor=0 selinux=0

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: default
Current mode: permissive
Mode from config file: disabled
Policy MLS status: disabled
Policy deny_unknown status: denied
Memory protection checking: actual (secure)
Max kernel policy version: 33