-
SELinux三种模式
- Enforcing:强制模式。代表SELinux在运行中,且已经开始限制domain/type之间的验证关系
- Permissive:半关闭。代表SELinux在运行中,但不使用规则,进程仍可以对文件进行操作。不过如果验证不正确会发出警告
- Disabled:关闭模式。SELinux并没有实际运行
-
相关命令
- sestatus –v
//查询当前 selinux 状态(详细) - getenforce
//获取当前 selinux 状态 - setenforce 1
//临时开启(0 关闭) - ls –Z
//查看文件的 selinux 类型
- sestatus –v
-
永久关闭
- 修改/etc/sysconfig/selinux文件中的SELINUX=enforcing为SELINUX=disabled,如下配置文件。
- Selinux是内核级别的访问控制的安全模块,所以修改完必须重启系统。
[root@Centos7.4 ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted