RHEL6 – Display and Modify SELinux Modes

There are three basic commands that you can use to display and modify SELinux modes. They are as follows:

  • getenforce

  • setenforce

  • sestatus

The first two are installed as part of the libselinux-utils package. sestatus is installed as part of policycoreutils.

Setenforce switches SELinux enforcement on or off temporarily, until the next reboot. Use 0 to disable enforcement (permissive mode) and 1 to enable it (enforcing mode), as shown below.

# setenforce 0

# setenforce 1

If you need your change to be persistent across reboots, edit /etc/selinux/config.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Getenforce is used to query your SELinux status, as seen below:

[root@vpaquin01 selinux]# getenforce
Enforcing

Sestatus gives you the same information as getenforce, but in a bit more detail:

[root@vpaquin01 selinux]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
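
Because setenforce changes only the running mode and /etc/selinux/config only the mode used at boot, the two can disagree. The script below is an added example, not part of the original post: it parses sestatus output and the config file and reports any mismatch. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between the running SELinux mode and /etc/selinux/config.
# Live use: selinux_drift "$(sestatus | runtime_mode)" "$(config_mode < /etc/selinux/config)"

# Read sestatus output on stdin, print the running mode in lower case.
runtime_mode() {
    awk -F: '
        /^SELinux status:/ { gsub(/[ \t]/, "", $2); status = tolower($2) }
        /^Current mode:/   { gsub(/[ \t]/, "", $2); mode = tolower($2) }
        END { if (status == "disabled") print "disabled"; else print mode }'
}

# Read config-file text on stdin, print the last uncommented SELINUX= value.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Compare the two modes. Returns 0 only when enforcing now and after reboot.
selinux_drift() {
    sd_runtime=$1; sd_config=$2
    if [ -z "$sd_runtime" ] || [ -z "$sd_config" ]; then
        echo "UNKNOWN: could not parse a mode"; return 2
    fi
    if [ "$sd_runtime" != "$sd_config" ]; then
        echo "DRIFT: runtime=$sd_runtime config=$sd_config"; return 1
    fi
    if [ "$sd_runtime" = "enforcing" ]; then
        echo "OK: enforcing now and after reboot"; return 0
    fi
    echo "WEAK: $sd_runtime now and after reboot"; return 1
}

# Constructed sample: sestatus output as it looks after "setenforce 0".
sample_sestatus() {
cat <<'EOF'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
EOF
}

# Constructed sample: the relevant lines of /etc/selinux/config.
sample_config() {
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=enforcing' 'SELINUXTYPE=targeted'
}

selinux_drift "$(sample_sestatus | runtime_mode)" "$(sample_config | config_mode)" || true
```

A DRIFT result with runtime=permissive means someone ran setenforce 0 and enforcement will silently return at the next reboot; the reverse means the host will boot without enforcement.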



How to Disable DRS for one VM in a DRS Enabled Cluster

VMware DRS (Distributed Resource Scheduler) is a feature of ESX that balances
computing workloads with available resources in a virtualized
environment. 

When you enable a cluster for DRS, VirtualCenter continuously monitors the distribution
of CPU and memory resources for all hosts and virtual machines in the
cluster. DRS compares these metrics to what resource utilization
ideally should be given the attributes of the resource pools and
virtual machines in the cluster, and the current load. Note that DRS is only available in ESX Enterprise or above.

When DRS is enabled in a cluster, ESX will automagically vMotion guest VMs to other hosts in your cluster in an attempt to balance the load evenly across the cluster. However, this behavior is not always desired, for example if you have a large VM that you want to stay pinned to a particular host.

In order to override the default DRS cluster settings for a VM, you need to do the following:

  1. Right-click on your cluster and then click on "edit settings"
  2. Under DRS, click on "Virtual Machine Options"
  3. Locate the particular VM and the drop down box under "Automation Level"
  4. Change "Default (Fully Automated)" to "Manual"