Selinux Query !!!


I would like to know if it is a good idea to have “SELINUX=enforcing” or have it “disabled” ?

I currently have both the variable set to :-

Should i have both the above disabled ?

I would also like to add here, this is my “main db” server along with another “replication” server !!!, just incase if this may have to do something !

Thank you all for your valuable inputs.

Thank you

That would be a question for your client as to what level of security they want / need. Ideally SELinux would be enabled / enforcing, but it is often hard to work with for people who are not familiar with it. So short answer is yes, you should have it enabled. But the real world answer is it depends on the cost benefit analysis of ease of use versus security concerns. =)

Thank you for your revert Scott :slight_smile:

Well, i am the one who is managing this server for the client and this server is on a private ip range.

Since this server is also being replicated, I was thinking if disabling “SELinux” would reduce some process load on this server, as the client is very finicky with cpu loads.

Will it in make any difference on the CPU load, if i disable it ?

Thank you,

I doubt it would have any effect on performance from anything that I’ve seen. The only time you even really notice SELinux is when you relabel the system and when something changes to where SELinux complains and will not let something run (i.e. you move the MySQL data dir and it will no longer start due to improper SELinux contexts). Aside from that, you likely could not tell the difference as far as performance goes.

Often on internal systems that are not externally accessible people will turn SELinux off just because it’s “easier” to work with. It’s still a good idea to have it on when possible, but whether or not it is worth the risk is up to you then.

Thank you so very much for a detailed clarification :slight_smile:

It helped a lot as always, you have been wonderful all throughout !!!

On that note, does the company not have any plans for scheduling training seminars in India , by any chance ?

Thank you

Glad to help!

I do not work for Percona, so I do not have any information regarding training plans. However if you send a private message to TomD on here he should be able to answer any questions you have about that. =)