Setting up SELinux mode

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).  Without SELinux enabled, only traditional discretionary access control (DAC) methods such as file permissions or access control lists (ACLs) are used to control the file access of users.
SELinux has three basic modes of operation: 

Enforcing: The default mode. SELinux is enabled and enforces the security policy on the system, denying access and logging actions.
Permissive: SELinux is enabled but does not enforce the security policy; it only warns and logs actions. Permissive mode is useful for troubleshooting SELinux issues.
Disabled: SELinux is turned off.

During Hadoop installation, running SELinux in Enforcing mode creates performance overhead, and different nodes/racks are involved (for example, for HDFS), so Cloudera recommends disabling it or setting it to Permissive, completing the installation, and then reverting it if you need SELinux features.

To check the current status of SELinux:

[root@host1 hasnain]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

To disable SELinux, edit /etc/sysconfig/selinux or /etc/selinux/config and change

SELINUX=enforcing to SELINUX=disabled

This change requires a reboot of the host to take effect. To verify it after the reboot:

[root@host1 hasnain]# getenforce
Disabled
[root@host1 hasnain]# sestatus
SELinux status:                 disabled

Use the following command to stop SELinux enforcement immediately. This does not disable SELinux; it sets it to Permissive mode.

setenforce 0

After you have installed and deployed Hadoop/CDH, you can re-enable SELinux as shown below:

[root@adf1 hasnain]# getenforce
Permissive

[root@adf1 hasnain]# setenforce 1
[root@adf1 hasnain]# getenforce
Enforcing
[root@adf1 hasnain]# setenforce 0
[root@adf1 hasnain]# getenforce
Permissive
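
setenforce changes only the running mode, while the SELINUX= line in the config file decides the mode after the next reboot, so the two can disagree once the installation is finished. The script below is an added example, not part of the original post: it reads and sets the persistent mode and reports a mismatch with the runtime mode; the function names and the temporary config file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Paths below are constructed.

# Print the persistent mode: the value of the SELINUX= line, lowercased.
# Comment lines and SELINUXTYPE= are not matched.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Set the persistent mode. A backup is kept as FILE.bak, and the file is
# rewritten by redirection (not sed -i) so a symlinked path is written through.
set_config_mode() {
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$file.bak" > "$file"
}

# Compare the runtime mode (text printed by getenforce) with the config file.
audit_mode() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    persistent=$(config_mode "$2")
    if [ "$runtime" = enforcing ] && [ "$persistent" = enforcing ]; then
        echo "OK: enforcing now and after reboot"
    elif [ "$runtime" = "$persistent" ]; then
        echo "WARN: $runtime now and after reboot"
    else
        echo "DRIFT: runtime=$runtime config=$persistent"
    fi
}

# Demo on a constructed config file; on a real host pass "$(getenforce)"
# and /etc/selinux/config instead.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$cfg"
    set_config_mode "$cfg" permissive     # install window
    audit_mode Permissive "$cfg"          # WARN
    set_config_mode "$cfg" enforcing      # after installation
    audit_mode Permissive "$cfg"          # DRIFT until setenforce 1 or reboot
    rm -f "$cfg" "$cfg.bak"
}
demo
```

A DRIFT result after installation means one of the two settings was reverted and the other was not.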
