Disabling and Enabling SELinux on Linux

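Some Linux distributions enable SELinux by default. When installing the operating system we can choose to turn SELinux on or off, but how do we turn it on or off after the system has been installed?
In /etc/sysconfig there is a file named selinux. Open it with vi and change the value of the SELINUX entry.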

  • SELINUX=disabled  disables SELinux
  • SELINUX=enforcing  enables SELinux
[root@localhost sysconfig]# vim selinux 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Turning off SELinux

1. Temporarily turning off SELinux without rebooting

  • Run the following command as root
setenforce 0

This command temporarily sets SELinux to Permissive mode (Permissive mode is explained below).

To return to running SELinux, run


setenforce 1

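This command sets SELinux to Enforcing mode.

2. Permanently setting SELinux to Permissive mode

First, the difference between Permissive and Enforcing mode needs explaining. SELinux has three modes: Enforcing, Permissive and Disabled.

Enforcing mode applies the Policy configured for SELinux; every action that violates the Policy's rules is denied by SELinux.
Permissive differs from Enforcing in that it still follows the SELinux Policy, but operations that violate the rules are only logged and are not denied.

Disabled, as the name suggests, turns SELinux off completely.

To set Permissive mode permanently, we have to modify the SELinux configuration file /etc/sysconfig/selinux (on RHEL5 this is a symbolic link to /etc/selinux/config)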
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Change the entry to SELINUX=permissive and then reboot.
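
The edit and the temporary setenforce switch described above can be checked with a small script. This is an added example, not part of the original article; the function names are hypothetical helpers, and the demo runs on a constructed sample file rather than the real configuration.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not SELinux tools.

# Print the active SELINUX= value; fail unless it is one of the three valid modes.
selinux_config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" | tail -n 1)
    case "$mode" in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) printf 'invalid or missing SELINUX= value: "%s"\n' "$mode" >&2; return 1 ;;
    esac
}

# Rewrite only the active SELINUX= line. The result is written back through
# the original path so a symlink such as /etc/sysconfig/selinux stays a
# symlink (sed -i would replace it with a regular file).
set_selinux_config_mode() {
    case "$2" in
        enforcing|permissive|disabled) ;;
        *) printf 'refusing invalid mode: %s\n' "$2" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$2/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Compare the persistent mode with a runtime mode string as printed by
# getenforce (Enforcing, Permissive or Disabled). Returns 1 on a mismatch,
# for example after a temporary "setenforce 0".
selinux_drift() {
    cfg=$(selinux_config_mode "$1") || return 2
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$cfg" = "$run" ] && return 0
    printf 'drift: config=%s runtime=%s\n' "$cfg" "$run" >&2
    return 1
}

# Demo on a constructed sample file (not the real /etc/selinux/config).
demo=$(mktemp)
printf '# SELINUX= can take one of these three values:\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo"
set_selinux_config_mode "$demo" permissive
selinux_config_mode "$demo"
selinux_drift "$demo" Enforcing || echo "runtime and config differ"
rm -f "$demo"
```

On a real system the comparison would be called as selinux_drift /etc/selinux/config "$(getenforce)".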
