setenforce 0 关闭SELinux
setenforce 1 临时打开SELinux
getenforce 查看SELinux状态
永久关闭SELinux :
# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # default - equivalent to the old strict and targeted policies # mls - Multi-Level Security (for military and educational use) # src - Custom policy built from source #SELINUXTYPE=default #SELINUXTYPE=ubuntu SELINUXTYPE=g6s-policy # SETLOCALDEFS= Check local definition changes SETLOCALDEFS=0 上面改为SELINUX=disabled #可以关闭selinux,免得每次启动都要setenforce 0关闭selinux
查看selinux策略
# sestatus SELinux status: enabled 若上面将SELINUX改为disabled,这里就是disabled,getenforce也是 SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux 相关的配置等文件会放在这里面 Loaded policy name: my-policy Current mode: enforcing Mode from config file: enforcing Policy MLS status: disabled Policy deny_unknown status: denied Memory protection checking: actual (secure) Max kernel policy version: 31