New Contributor
Posts: 1
Registered: ‎10-04-2017
Accepted Solution

Why I do need to turn off SElinux?

Hello all,

I am planning install Cloudera Manager and I have received a questioning from security sector about SElinux, because in my demand I've asked to disable SElinux based on installation issues I just want to know why I do need to turn off/disable SElinux?

In my understanding its architecture strives to separate enforcement of security decisions from the security policy itself, and streamlines the amount of software involved with security policy enforcement. If SElinux is a part of kernel and a security implementation, maybe, could cause security breach disable it? Besides to know why, I'd like to know if has a form to keep SElinux and install Cloudera.

I am thankful for helping me with these philosophical questions.

Posts: 465
Topics: 14
Kudos: 77
Solutions: 41
Registered: ‎09-02-2016

Re: Why I do need to turn off SElinux?



One common reason to disable the firewall is, as we know HDFS maintains replication in different nodes/racks but it shouldn't take any extra time for that. Setting firewall using SElinux may disturb this (or) lead to performance issue. So the general recommendation is to disable the firewall. But I believe in some cases users are still using hadoop with firewall for security reasons (if the business really demands).


Regarding your question about security, you can follow the other recommended securities like kerberos, sentry, etc (depends upon your needs).

Posts: 642
Topics: 3
Kudos: 107
Solutions: 67
Registered: ‎08-16-2016

Re: Why I do need to turn off SElinux?

It is an issue with the installation. I don't know precisely what is the issue though. You can disable it, or set it to permissive, complete the installation, and then revert it back. I have always just kept it off, but presumably, you would need to repeat this for each upgrade.