标签:status ## SElinux virtualboxcentos7 linux 开启 SELinux policy root
1、查看内核、系统版本
[root@virtualboxcentos7 test]# hostnamectl
Static hostname: virtualboxcentos7
Icon name: computer-vm
Chassis: vm
Machine ID: e8d08b54fc55254aaefd55597b2e435b
Boot ID: f308a2863585439cb4c69007b56ad527
Virtualization: kvm
Operating System: CentOS Linux 7 (Core) ## 发行版
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-1160.49.1.el7.x86_64 ## 内核
Architecture: x86-64
2、查看当前的SElinux状态,sestatus命令
[root@virtualboxcentos7 test]# sestatus ## 使用sestatus查看 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing ## 说明是启用状态 Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31
3、临时关闭(系统重启后仍然后启动SElinux)
[root@virtualboxcentos7 test]# sestatus ## 查看当前状态 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 [root@virtualboxcentos7 test]# setenforce 0 ## 临时关闭SElinux [root@virtualboxcentos7 test]# sestatus ## 查看状态 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive ## 由enforcing 变为了 permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31
4、重新开启SElinux
[root@virtualboxcentos7 test]# sestatus ## 查看状态 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 [root@virtualboxcentos7 test]# setenforce 1 ## 开启SElinux [root@virtualboxcentos7 test]# sestatus ## 查看状态 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing ## 由permissive 改为了 enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31
5、修改配置文件,永久关闭SElinux
[root@virtualboxcentos7 test]# vim /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled ## 此处改为disabled, 然后保存退出 # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
6、重启系统、检查
[root@virtualboxcentos7 test]# reboot
[root@virtualboxcentos7 test]# sestatus SELinux status: disabled [root@virtualboxcentos7 test]# getenforce ## 说明已经禁用SElinux Disabled
7、如果永久开启,在/etc/sysconfig/selinux配置文件中disabled改为enforcing,然后重启系统即可
标签:status,##,SElinux,virtualboxcentos7,linux,开启,SELinux,policy,root 来源: https://www.cnblogs.com/liujiaxin2018/p/15858778.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。