SELinux 介绍
SELinux是美国国家安全局(NSA)对于强制访问控制的实现。大多数情况下我们会关闭SELinux。
永久关闭SELinux
- 修改SELinux的配置文件:
[root@39 ~]# cp /etc/selinux/config /etc/selinux/config.bak
[root@39 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@39 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced. # 已经启动
# permissive - SELinux prints warnings instead of enforcing. # 临时停用,会有警告
# disabled - No SELinux policy is loaded. # 彻底关闭
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
注意:修改完配置文件后需要重启服务器才能生效
临时关闭SELinux
# 查看SELinux状态:
[root@39 ~]# getenforce
Enforcing
[root@39 ~]# setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@u39 ~]# setenforce 0
[root@39 ~]# getenforce
Permissive