linux中如何关闭\开启SElinux

1、查看内核、系统版本

[root@virtualboxcentos7 test]# hostnamectl
   Static hostname: virtualboxcentos7
         Icon name: computer-vm
           Chassis: vm
        Machine ID: e8d08b54fc55254aaefd55597b2e435b
           Boot ID: f308a2863585439cb4c69007b56ad527
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)    ## 发行版
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-1160.49.1.el7.x86_64   ## 内核
      Architecture: x86-64

 

2、查看当前的SElinux状态,sestatus命令

[root@virtualboxcentos7 test]# sestatus  ## 使用sestatus查看
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing   ## 说明是启用状态
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

 

3、临时关闭(系统重启后仍然后启动SElinux)

[root@virtualboxcentos7 test]# sestatus  ## 查看当前状态
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[root@virtualboxcentos7 test]# setenforce 0    ## 临时关闭SElinux
[root@virtualboxcentos7 test]# sestatus      ## 查看状态
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive    ## 由enforcing 变为了 permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

 

4、重新开启SElinux

[root@virtualboxcentos7 test]# sestatus   ## 查看状态
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[root@virtualboxcentos7 test]# setenforce 1   ## 开启SElinux
[root@virtualboxcentos7 test]# sestatus      ## 查看状态
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing   ## 由permissive 改为了  enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

 

 5、修改配置文件,永久关闭SElinux

[root@virtualboxcentos7 test]# vim /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled      ## 此处改为disabled, 然后保存退出
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

 

 

6、重启系统、检查

[root@virtualboxcentos7 test]# reboot

 

[root@virtualboxcentos7 test]# sestatus
SELinux status:                 disabled
[root@virtualboxcentos7 test]# getenforce     ## 说明已经禁用SElinux
Disabled

 

7、如果永久开启,在/etc/sysconfig/selinux配置文件中disabled改为enforcing,然后重启系统即可

 

posted @ 2022-02-01 01:31  小鲨鱼2018  阅读(811)  评论(0编辑  收藏  举报