When you install the Intel C + + and Fortran compilers in CentOS6.2, you encounter a situation where the forced mode of selinux is not enforceable.
Need to turn off selinux or change enforcing to permissive mode, query to some data, first on the selinux of several patterns, and its relationship and conversion methods to do a summary for later viewing and learning.
SELinux startup, Shutdown and view
1, not all Linux distributions support SELinux
currently SELinux supports three modes, respectively:
enforcing: Mandatory mode, representing SELinux operation, and has been the right to begin to limit the Domain/type; permissive: Tolerance mode: representative of SELinux operation, but only warning messages will not actually restrict domain/type access. This mode can be transported as SELinux debug;
disabled: Shut down, SELinux not actually working.
2, view the SELinux mode
# Getenforce Enforcing <== shows that the current pattern is enforcing
3, view the SELinux policy (Policy).
[Root@master oracle]# Sestatus
SELinux status:enabled <== is started SELinux
SELINUXFS Mount:/selinux <==selinux related file mount point
Current mode:enforcing <== present pattern
Mode from config file:enforcing <== profile specified pattern
Policy version:21
Policy from config file:targeted <== current policy.
4, adjust SELinux parameters by configuration file
[root@www ~]# vi/etc/selinux/config
selinux=enforcing <== adjustment enforcing|disabled| Permissive
selinuxtype=targeted <== currently only has targeted and strict
5,selinux startup and shutdown
"important common sense" above is the preset policy and startup mode. You should be aware that if you change the policy you need to reboot, if the enforcing or permissive changed to disabled, or from disabled to the other two, it must also be rebooted. This is because the SELinux is integrated into the core, and you can only switch to mandatory (enforcing) or tolerant (permissive) mode under SELinux operation and cannot directly close SELinux.
at the same time, the state of the SELinux shutdown (disable) to the open state also requires a reboot. So, if you have just found Getenforce appear disabled, please go to the above file to change into enforcing bar.
"Focus" If you want to start SELinux must meet the following two points: So, if you want to start SELinux, please set the above selinux=enforcing, and specify selinuxtype=targeted this setting, and to/boot
/grub/menu.lst this file to see if the core is closed SELinux. [Root@www ~]# vi/boot/grub/menu.lst default=0 timeout=5 splashimage= (hd0,0)/grub/splash.xpm.gz hiddenmenu title Cent OS (2.6.18-92.EL5) root (hd0,0) kernel/ Vmlinuz-2.6.18-92.el5 ro root=label=/1 rhgb quiet selinux=0 initrd/
INITRD-2.6.18-92.EL5.IMG # If you want to start SELinux, you cannot have the words selinux=0 behind kernel.
The "problem" through the above learning we know, if the start of the SELinux changed to disable, need to restart the computer, we do not want to restart the computer and do not want to open the SELinux how to do it.
"Answer" changes the force mode to loose mode. [Root@www ~]# Setenforce [0|1] options and Parameters: 0: Turn into permissive tolerance mode; 1: Convert to enforcing coercion mode example one: SELinux in enforcing and Permiss Ive between switches and views [root@www ~]# setenforce 0 [root@www ~]# getenforce Permissive [root@www ~]# setenforce 1 [root@www ~]# ge Tenforce enforcing 6, view the type settings of the started program [Root@master oracle]# PS aux-z LABEL USER PID%cpu%mem VSZ RSS TTY STAT START time COMMAND system_u:system_r:init_t root 1 0.0 0.4 2060 520? Ss May07 0:02 init [5 system_u:system_r:kernel_t root 2 0.0 0.0 0 0? s< May07 0:00 [Migra] system_u:system_r:kernel_t root 11 0.0 0.0 0 0? s< May07 0:00 [kacpi] system_u:system_r:auditd_t root 4022 0.0 0.4 12128 560? S<SL May07 0:01 auditd system_u:system_r:auditd_t root 4024 0.0 0.4 13072 628?
S<sl May07 0:00/sbin/a system_u:system_r:restorecond_t root 4040 0.0 4.4 10284 5556? Description: In fact, these things we do not have to pipe, are selinux built.
Just learn to switch between forced and relaxed mode.
Summary attached:
Ways to turn off SELinux:
Modify the Selinux= "" in the/etc/selinux/config file as disabled and reboot.
If you do not want to reboot the system, use the command Setenforce 0
Note:
Setenforce 1 set SELinux to become enforcing mode
Setenforce 0 Set SELinux to become permissive mode
Increase in the boot parameters of Lilo or grub: selinux=0, or you can turn off SELinux
#---------------------------------------------------------------
View selinux status:
/usr/bin/setstatus-v
as follows:
SELinux status: enabled
Selinuxfs mount: /selinux
Current mode: permissive
Mode from config file: Enforcing
Policy version:
Policy from config file: Targeted
Getenforce/setenforce View and set SELinux's current working mode
#------------------------------------- ----------------------------------
Discovery service Start, stop immediately, find information on the Internet, find the installation to disable SELinux first, and then install MySQL, the steps are:
1. Turn off the SELinux and reboot the system;
2. Install MySQL (MySQL server should be able to start up);
3. Enable SELinux, reboot the system, then the MySQL server can be started normally.
Disabling SELinux is enabled by:
Vi/etc/selinux/config (also some people say is/etc/sysconfig/selinux file, in fact, two is a link between, casually change one, the other also changed)
selinux=disable Disable SELINUX
Selinux=enforcing Enable SELINUX
CentOS System How to quickly close SELinux
SELinux is a domain-type model (DOMAIN-TYPE) of the mandatory access control (MAC) security system, which is written by the NSA and designed as a kernel module included in the kernel, some of the corresponding security related applications have been patched SELinux, and finally a corresponding security policy. Although the CentOS system is relatively safe and stable compared with other systems. My experience in long-term Linux practice is that SELinux is a natural enemy of PHP.
We often because of the CentOS system default system security configuration caused some inexplicable problems, such as SELinux is used for Security subsystem Authority control, but do not find a lot of restrictions, we can use the following methods to quickly close the SELinux.
/usr/sbin/setenforce 0, close SELinux immediately.
/usr/sbin/setenforce 1 immediately enable SELINUX
Add to system default boot inside
echo "/usr/sbin/setenforce 0" >>/etc/rc.local
In this way, when we don't need to open the SELinux in the CentOS system, we can quickly shut it down and turn it on when we need it.