Three models of SELinux
Enforcing #permissive # tolerant mode: represents SELinux operation, but only warning messages do not actually restrict access to domain/type. This mode can be shipped as SELinux debug, disabled # closed, SELinux does not actually work.
View the status of SELinux
1. View configuration information/usr/sbin/sestatus-v
#/usr/sbin/sestatus-vSELinux status:enabled#if enabled, the/etc/selinux/config file should be readSELINUXFS Mount:/SELinux CurrentMode:permissive#the actual pattern (tolerant mode)Mode from configfile:Enforcingpolicy version: 24Policy from configfile:targetedprocess Contexts: CurrentContext:unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.C1023init Context: system_u:system_r:init_t:S0/sbin/mingetty system_u:system_r:getty_t:S0/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023FileContexts:controlling term: unconfined_u:object_r:user_devpts_t:S0/ETC/PASSWD system_u:object_r:etc_t:S0/etc/shadow system_u:object_r:shadow_t:S0/bin/bash system_u:object_r:shell_exec_t:S0/bin/login system_u:object_r:login_exec_t:S0/bin/sh System_u:object_r:bin_t:s0, system_u:object_r:shell_exec_t:S0/sbin/agetty system_u:object_r:getty_exec_t:S0/sbin/init system_u:object_r:init_exec_t:S0/sbin/mingetty system_u:object_r:getty_exec_t:S0/usr/sbin/sshd System_u:object_r:sshd_exec_t:s0
2,getenforce
# Getenforce Permissive # the actual pattern (tolerant mode)
1. Modify configuration file/etc/selinux/config (restart required)
#Vim/etc/selinux/config#This file controls the state of the SELinux on the system.#selinux= can take one of these three values:#Enforcing-selinux security policy is enforced.#Permissive-selinux prints warnings instead of enforcing.#disabled-no SELinux policy is loaded.#selinux=enforcing # #改为disabledselinux=Disabled#Selinuxtype= can take one of these the values:#targeted-targeted processes is protected,#Mls-multi level Security protection.selinuxtype=targeted
2,getenforce (Temporary modification, no restart, no restart)
# Getenforce 0 Permissive # getenforce 1 set SELinux to enforcing mode, because SELinux is directly integrated into the kernel, so you can not directly disabled, You can only force conversions in enforcing and permissive.
Turn off SELinux