Not the answer you need?
Register and ask your own question!

Selinux Query !!!

systemalisystemali AdvisorCurrent User Role Beginner

I would like to know if it is a good idea to have "SELINUX=enforcing" or have it "disabled" ?

I currently have both the variable set to :-

Should i have both the above disabled ?

I would also like to add here, this is my "main db" server along with another "replication" server !!!, just incase if this may have to do something !

Thank you all for your valuable inputs.

Thank you


  • scott.nemesscott.nemes MySQL Sage Current User Role Patron
    That would be a question for your client as to what level of security they want / need. Ideally SELinux would be enabled / enforcing, but it is often hard to work with for people who are not familiar with it. So short answer is yes, you should have it enabled. But the real world answer is it depends on the cost benefit analysis of ease of use versus security concerns. =)
  • systemalisystemali Advisor Current User Role Beginner
    Thank you for your revert Scott :)

    Well, i am the one who is managing this server for the client and this server is on a private ip range.

    Since this server is also being replicated, I was thinking if disabling "SELinux" would reduce some process load on this server, as the client is very finicky with cpu loads.

    Will it in make any difference on the CPU load, if i disable it ?

    Thank you,
  • scott.nemesscott.nemes MySQL Sage Current User Role Patron
    I doubt it would have any effect on performance from anything that I've seen. The only time you even really notice SELinux is when you relabel the system and when something changes to where SELinux complains and will not let something run (i.e. you move the MySQL data dir and it will no longer start due to improper SELinux contexts). Aside from that, you likely could not tell the difference as far as performance goes.

    Often on internal systems that are not externally accessible people will turn SELinux off just because it's "easier" to work with. It's still a good idea to have it on when possible, but whether or not it is worth the risk is up to you then.
  • systemalisystemali Advisor Current User Role Beginner
    Thank you so very much for a detailed clarification :)

    It helped a lot as always, you have been wonderful all throughout !!!

    On that note, does the company not have any plans for scheduling training seminars in India , by any chance ?

    Thank you
  • scott.nemesscott.nemes MySQL Sage Current User Role Patron
    Glad to help!

    I do not work for Percona, so I do not have any information regarding training plans. However if you send a private message to TomD on here he should be able to answer any questions you have about that. =)
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.