檢視SELinux狀態 關閉SELinux

1.1 getenforce

1.2 /usr/sbin/sestatus

current mode表示當前selinux防火牆的安全策略

[root@localhost ~]# /usr/sbin/sestatus

selinux status:                 enabled
selinuxfs mount:                /sys/fs/selinux
selinux root directory:         /etc/selinux
loaded policy name:             targeted
current mode:                   enforcing
mode from config file:          enforcing
policy mls status:              enabled
policy deny_unknown status:     allowed
max kernel policy version:      28

current mode： selinux防火牆當前的安全策略，enforcing 表示強

2.1 臨時關閉

setenforce 0：用於關閉selinux防火牆，但重啟後失效。

[root@localhost ~]# setenforce 0

[root@localhost ~]# /usr/sbin/sestatus

selinux status:                 enabled
selinuxfs mount:                /sys/fs/selinux
selinux root directory:         /etc/selinux
loaded policy name:             targeted
current mode:                   permissive
mode from config file:          enforcing
policy mls status:              enabled
policy deny_unknown status:     allowed
max kernel policy version:      28

修改selinux的配置檔案，重啟後生效。

開啟 selinux 配置檔案

[root@localhost ~]# vim /etc/selinux/config

將selinux=enforcing改為selinux=disabled，儲存後退出

# this file controls the state of selinux on the system.

# selinux= can take one of these three values:
#     enforcing - selinux security policy is enforced.
#     permissive - selinux prints warnings instead of enforcing.
#     disabled - no selinux policy is loaded.
selinux=enforcing
# selinuxtype= can take one of three two values:
#     targeted - targeted processes are protected,
#     minimum - modification of targeted policy. only selected processes are protected. 
#     mls - multi level security protection.
selinuxtype=targeted

[root@localhost ~]# getenforce

enforcing

[root@localhost ~]# reboot

[root@localhost ~]# /usr/sbin/sestatus

selinux status:                 disabled
[root@localhost ~]# getenforce
disabled

檢視selinux狀態和關閉

檢視selinux狀態 1 usr sbin sestatus v 如果selinux status引數為enabled即為開啟狀態 selinux status enabled 2 getenforce 也可以用這個命令檢查 關閉selinux 1 臨時關閉 不用重啟機器 setenforce 0...

檢視 SELinux狀態及關閉SELinux

檢視selinux狀態 1 usr sbin sestatus v 如果selinux status引數為enabled即為開啟狀態 selinux status enabled 2 getenforce 也可以用這個命令檢查 關閉selinux 1 臨時關閉 不用重啟機器 setenforce 0...

檢視 SELinux狀態及關閉SELinux

本文出自 孤星雨 部落格，請務必保留此出處 檢視selinux狀態 1 usr sbin sestatus v 如果selinux status引數為enabled即為開啟狀態 selinux status enabled 2 getenforce 也可以用這個命令檢查 關閉selinux 1 臨時...