How do I remove any SELinux context or ACL?

10

4

HI, I have some files, that I'd like to remove the SELinux context or ACLs from (denoted by a '.' or a '+' respectively when using ls -alZ).

I don't have too much time on my hands to read on the , etc on how to use chcon etc., so I just want to quickly know how to disable them all.

Also, if someone knows a SELinux/ACL Cheat-Sheet, that would be terrific.

Here's a screen shot:

alt text

Notice the dots right after the permission symbols: drwxr-xr-x., etc.

polemon

Posted 2010-09-23T13:07:34.277

Reputation: 2 531

What is this ' . ' and ' + ' you are talking about? I don't see anything like that on the -Z specific output of ls. – Jason Axelson – 2010-09-24T03:35:15.147

maybe you don't use Ext4? I'll post an edit shortly, since this isn't getting any replies. – polemon – 2010-09-25T19:33:15.117

Answers

11

setfacl -b will remove the ACL on a file. setfattr -x security.selinux will remove the SELinux file context, but you will probably have to boot with SELinux completely disabled.

Ignacio Vazquez-Abrams

Posted 2010-09-23T13:07:34.277

Reputation: 100 516

0

As long as selinux is in permissive or enforcing you will not be able to remove the . This indicates selinux attributes are set. Since Permissive is still doing the selinux checks (just not enforcing) it will force the . on the end of attributes.

To fully remove the dot the only way I know of is to completely stop selinux.

vim /etc/selinux/config and set to disabled. Reboot then run this command on the files you want to remove the . (selinux acl)

setfattr -x security.selinux myfilewithdot

Here is the output from my desktop Centos7 after setting selinux to

setfattr -x security.selinux /foo.txt

Mark Stewart

Posted 2010-09-23T13:07:34.277

Reputation: 101

I took too long and didn't see Ignacios post above. – Mark Stewart – 2020-02-13T21:17:05.903

0

You never stated what you are removing ACL's "from", but if it is a file system, unmounting it and remounting it without the ACL option will do the job quickly.

kmarsh

Posted 2010-09-23T13:07:34.277

Reputation: 4 632

I can't remount my root partition just to remove ACL's, I just want to remove them once from a directory. – polemon – 2010-10-01T04:00:14.550

More details like this in the question would be helpful. – kmarsh – 2010-10-01T17:38:17.033

Asked: 2010-09-23T13:07:34.277

Viewed: 28 833 times

Active: 2020-02-13T21:15:42.937