CentOS disable Selinux
Selinux: SELinux (Security-EnhancedLinux) is the most outstanding New Security Subsystem in Linux history for implementing mandatory access control by the National Security Agency (NSA.
Although it is a security function, it is more troublesome to use because there are too many functions and everything needs to be managed. Therefore, you can disable it and use other security methods instead.
[1] view three modes of Selinux operation
[Root @ moban ~] # Cat/etc/selinux/config # This is The Selinux configuration file directory.
#ThisfilecontrolsthestateofSELinuxonthesystem.
#SELINUX=cantakeoneofthesethreevalues:
#enforcing-SELinuxsecuritypolicyisenforced.
#permissive-SELinuxprintswarningsinsteadofenforcing.
#disabled-NoSELinuxpolicy
is
loaded.
SELINUX=enforcing
#SELINUXTYPE=cantakeoneofthesetwovalues:
#targeted-Targetedprocessesareprotected,
#mls-MultiLevelSecurityprotection.
SELINUXTYPE=targeted
Three running modes are available:
Enforcing: Enable Selinux
Permissive: Free mode. In this mode, only warning messages are printed, but not blocked.
Disabled: Disable Selinux
[2] changing the running mode of Selinux configuration file
Method 1: Use the vi file editor to modify
[root@moban~]#vi/etc/selinux/config
Change "SELINUX = enforcing" to "SELINUX = disabled". Save and exit.
Method 2: sed command
[root@moban~]#sed-is#SELINUX=enforcing#SELINUX=disabled#g/etc/selinux/conf
[root@moban~]#grep
"disabled"
/etc/selinux/config
#disabled-NoSELinuxpolicy
is
loaded.
SELINUX=disabled
Note that you must add the parameter-I. Otherwise, only the output is changed, rather than the content of the configuration file. However, you must note that the configuration file for Selinux modification takes effect only after the next restart. Therefore, the actual running status of Selinux is still enforcing, so you need to make some other settings. (In order not to restart the Linux system)
[3] changing the current running mode of Selinux
View the current running mode:
[root@moban~]#getenforce
Enforcing
Change the current mode to the permissive status:
[root@moban~]#setenforce
0
[root@moban~]#getenforce
Permissive
Note that the current running mode of Selinux has been changed to the permissive State. If you still need to change back to the enforcing State, enter setenforce 1. Note that setenforce only has the parameters 0 and 1:
[root@moban~]#setenforce
1
[root@moban~]#getenforce
Enforcing
[root@moban~]#setenforce2
usage:setenforce[Enforcing|Permissive|
1
|
0
]
After changing to the permissive status, a warning message is printed, but it does not affect the actual operation.
From this we can see that the first is Permanent modification, and the second is temporary modification.