Linux下禁用、启用SeLinux

一些Linux默认都是启用SeLinux的，在安装操做系统的时候咱们能够选择开启或者关闭SeLinux，可是在安装完系统以后又如何开启与关闭呢？
在/etc/sysconf下有一个SeLinux文件，使用vi打开，更改其中的SELINUX项的值就能够了。

• SELINUX=disable  禁用SeLinux
• SELINUX=enforcing  使用SeLinux

[root@localhost sysconfig]# vim selinux 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

关闭SELinux

1.无须重起而暂时关闭SELinux

• 以root用户运行如下命令

setenforce 0

这条命令的做用是把SELinux暂时设定成Permissive模式（关于Permissive Mode在如下会有介绍）

若是要恢复运行SELinux则能够运行

setenforce 1

这条命令会把SELinux设定成Enforcing模式

2.把SELinux永久设定为Permissive模式

这里须要讲一下Permissive和Enforcing模式的区别。 SELinux有三种模式：Enforcing, Permissive and Disable.

Enforcing模式就是应用SELinux所设定的Policy, 全部违反Policy的规则(Rules)都会被SELinux拒绝
Permissive和Enforcing的区别就在于它仍是会遵循SELinux的Policy,可是对于违反规则的操做只会予以记录而并不会拒绝操做

Disable 顾名思义就是彻底禁用SELinux

若是要永久设定为Permissive模式，咱们就要修改SELinux的配置文件 /etc/sysconfig/selinux (在RHEL5下这是一个symbolic link to /etc/selinux/conf)
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

修改SELINUX=permissive,而后从新启动就能够了