SELinux

SELinux是Security-Enhanced Linux的缩写。它是一个Linux内核安全模块,为Linux系统提供了一个实现强制访问控制(MAC)策略的机制。基本上,它提供了一个更高级别的权限管理机制,超出了传统的UNIX权限和访问控制列表(ACL)。

通过配置文件关闭SELinux

修改配置文件

vim /etc/selinux/config
# This file controls the state of SELinux on the system.
​
# SELINUX= can take one of these three values:
​
#     enforcing - SELinux security policy is enforced.
​
#     permissive - SELinux prints warnings instead of enforcing.
​
#     disabled - No SELinux policy is loaded.
​
SELINUX=disabled
​
# SELINUXTYPE= can take one of three values:
​
#     targeted - Targeted processes are protected,
​
#     minimum - Modification of targeted policy. Only selected processes are protected. 
​
#     mls - Multi Level Security protection.
​
SELINUXTYPE=targeted

设置SELinux成为permissive模式即临时关闭selinux(可不用重启服务器)

setenforce 0

通过命令快速关闭SELinux

setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config