关闭SELinux

SELinux的三种模式

enforcing       #强制模式,代表 SELinux 运作中,且已经正确的开始限制 domain/type 了; 
permissive      #宽容模式:代表 SELinux 运作中,不过仅会有警告讯息并不会实际限制 domain/type 的存取。这种模式可以运来作为 SELinux 的 debug 之用;
disabled        #关闭,SELinux 并没有实际运作。

 

查看SElinux的状态

1,查看配置信息 /usr/sbin/sestatus -v

# /usr/sbin/sestatus -v
SELinux status:                 enabled     #若为enabled表示开启,应该是读取/etc/selinux/config文件
SELinuxfs mount:                /selinux
Current mode:                   permissive   #实际上的模式(宽容模式)
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Process contexts:
Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023
File contexts:
Controlling term:               unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0

2,getenforce

# getenforce
Permissive    #实际上的模式(宽容模式)

 

关闭SElinux

1,修改配置文件/etc/selinux/config(需要重启)

# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUX=enforcing  ##改为disabled
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

2,getenforce(临时修改,不需重启,重启失效)

# getenforce 0
Permissive    # getenforce 1设置SELinux为enforcing模式,由于SELinux是直接整合到内核中,所以不可以直接disabled,只能强制在enforcing和permissive中转换。

posted @ 2015-03-16 11:35  苦逼挨踢男  阅读(312)  评论(0编辑  收藏  举报