On Saturday, March 23, 2013 07:13:44 PM Sven Vermeulen wrote:
[email protected][1]> wrote:>> I have a couple of old servers that are being replaced and repurposed as> developer testbed systems. Since they are already configured with all of the> software and settings that our production boxes need I want to keep them as> intact as possible. However, I want to remove selinux (and hardened in> general) from a couple of them.>> The one and only time I tried to remove selinux from a running system it> severely broke coreutils and I ended up basically reinstalling. Is there a> known-safe procedure to remove the selinux bits from a system while leaving> everything else installed? What order do I need to do things to prevent the> existing selinux- aware stuff from falling apart?> I'm not aware of such a procedure for now... :-( wkr, Sven Vermeulen 1.) Boot with selinux disabled (selinux=0 on the boot line). I think this would be the most important thing. Or, boot with a kernel without selinux? 2.) Switch profile 3.) emerge --deep --newuse -av @world 4.) Slightly tricky part that took me a while - reinstall all packages that have a companion '-selinux' package. For me, these weren't detected above. If you don't do this, those companion -selinux packages will still be dependencies and you can't remove them. 5.) Depclean all selinux packages (companion packages, plus policy, etc) 6.) Remove mountpoint from fstab, etc NOTE: This probably doesn't qualify as a "known, safe" way, but it worked for me, although my setup is relatively uncomplicated. Ben [email protected] -------- [1] mailto:[email protected]
