Disable SeLinuxLinux server without restarting

Source: Internet
Author: User
With the continuous development of the company's business, we recently rented a Linux server. We wanted to use Debian, but the management staff of the IDC would not install it, so we had to use RHEL5 instead. Zendoptimizer is used for the system. I installed v3.3, and the installation process went smoothly. After I restarted apache, I found that Zend was not loaded... with the continuous development of the company's business, we recently rented a Linux server. We wanted to use Debian, but the management staff of the IDC would not install it, so we had to use RHEL5 instead. Zend optimizer is used for the system. I installed v3.3 and the installation process went smoothly. After I restarted apache, I found that the Zend optimizer module was not loaded, and no records were found in apache error_log, execute the php-v command with the following output:
Failed loading/usr/local/Zend/lib/Optimizer-3.3.0/ZendOptimizer. so:/usr/local/Zend/lib/Optimizer-3.3.0/ZendOptimizer. so: cannot restore segment prot after reloc: Permission denied: the reason why seLinux is used. if selinux is enabled on the server, change the selinux configuration file to disable, but I don't want to restart the server. there are the following solutions:
Run the command: setenforce 0 www.2cto.com and disable selinux without restarting. However, disabling selinux makes zend optimizer take effect. after all, it is not a perfect solution. Documents with selinux:
Selinux introduction SElinux provides a flexible mandatory access control system (MAC) at the Linux kernel level, which is built on a free access control system (DAC. DAC means that the system's secure access control is freely managed by the system administrator root, not when the system forces MAC to run, for example, when an application or thread runs with a user UID or SUID, it also has access control restrictions on some other objects, such as files and ETS) or other threads can run the SElinux MAC kernel to protect the system from malicious programs, or the system's own bugs will not have a fatal impact on the system (limit the impact to a certain extent) SElinux defines access and transmission permissions for every user, program, process, and file. Then, you can manage the interaction between all these objects. for SELinux objects, you can set the strict degree during installation as needed, or disable them completely in most cases, SElinux is completely transparent to users. ordinary users cannot feel the existence of Selinux. only the system administrator needs to consider these user environments and policies. These policies can be deployed as needed or strictly restricted by applications. Selinux provides very specific control policies covering the entire linux system.
For example, if an object, such as an application, wants to access a file object, the control program in the kernel checks the Access Vector Cache (AVC) and finds the target and object permissions from here, if no permission definition is found here, you can continue to query the upper and lower associations of the security definition and file permissions, and then decide whether to allow or deny access. If the information avc: denied appears in var/log/messages, the access is denied. The security association between the target and the object is determined by the installation policy. These installation policies are also responsible for generating a security list for the system to provide information. In addition to the running force mode, SELinux can run in the license mode. at this time, after AVC is checked, the rejection is recorded. Selinux does not force this policy. www.2cto.com
The following describes the SELinux Related tool/usr/bin/setenforce to modify the real-time running mode of SELinux. setenforce 1 sets SELinux to enforcing mode setenforce 0 sets SELinux to permissive mode. if SELinux needs to be permanently disabled set selinux to 0 in/etc/sysconfig/selinux, or in/etc/grub. add this parameter/usr/bin/setstatus-v in conf to check the system status.
See SELinux status: enabledSELinuxfs mount:/selinuxCurrent mode: enforcingPolicy version: 18. This article is from the fat shark network.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.