SELinux 介绍
SELinux是美国国家安全局(NSA)对于强制访问控制的实现。大多数情况下我们会关闭SELinux。
永久关闭SELinux
- 修改SELinux的配置文件:
[root@39 ~]# cp /etc/selinux/config /etc/selinux/config.bak [root@39 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config [root@39 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # 已经启动 # permissive - SELinux prints warnings instead of enforcing. # 临时停用,会有警告 # disabled - No SELinux policy is loaded. # 彻底关闭 SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
注意:修改完配置文件后需要重启服务器才能生效
临时关闭SELinux
# 查看SELinux状态: [root@39 ~]# getenforce Enforcing [root@39 ~]# setenforce usage: setenforce [ Enforcing | Permissive | 1 | 0 ] [root@u39 ~]# setenforce 0 [root@39 ~]# getenforce Permissive