SELinux causes disk I/O problems-Linux Enterprise applications-Linux server application information. The following is a detailed description. Yesterday, the new server in the Changchun data center crashed at night. After restarting in the morning, check that % util occupied 100% of the system disk. why can't I get down? I stopped all the applications, but I still don't know if it was SELinux. SELinux is an advanced security feature provided since FC3 and as4. it is also a breakthrough in Linux security.
It can control the permissions of any application running on the system.
SELinux is enabled by default. When SELinux is enabled for this server in Changchun, % util occupies too much space.
The solution is easier. Modify/etc/selinux/config and set SELINUX = disabled to restart the system.
If SELinux is enabled, most of the services in the system are not defined in the SELinux policy .. SELinux rejects the normal application of this service .. SELinux outputs all rejection information to:/var/log/messages .. if the outside world keeps accessing an application service in the system, but SELinux does not stop, the denial information is output at the same time. when the traffic reaches a certain level. SELinux write operations will cause % util to occupy too much.
Therefore, if a service such as bind cannot be started normally, you can query the messages file to check whether SELinux causes the service to fail. You can use/usr/bin/audit2allow to modify the rules.
Run the following command to check which programs are blocked by SELinux: # cat/var/log/messages |/usr/bin/audit2allow
You can only add the rejected access to The SELinux configuration file to solve the restrictions on some class security features. SELinux configuration file directory:/etc/selinux/targeted/src/policy/domains/program
SELinux configuration files are stored in/etc/selinux. The/etc/selinux/targeted directory contains detailed policy configuration and context definition. The following are the main files and functions:
Complete the configuration to make it take effect. Use the following command to reload SELinux: make-C/etc/selinux/targeted/src/policy reload.
Setenforce 0 disable SELinux and do not restart the system
In actual work, there are few SELinux applications, so this is not a detailed description. We will add more information when SELinux is involved in the future.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
