How to disable SELinux without restarting the Linux Server

The company rented another Linux server and wanted to use Debian, but the management staff of the IDC would not install it, so they had to use rhel5 instead.

Zend optimizer is used for the system. I installed v3.3 and the installation process went smoothly. After I restarted Apache, I found that the Zend optimizer module was not loaded, and no records were found in Apache error_log, execute the PHP-V command with the following output:

Failed loading/usr/local/Zend/lib/Optimizer-3.3.0/zendoptimizer. so:/usr/local/Zend/lib/Optimizer-3.3.0/zendoptimizer. so: cannot restore segment prot after reloc: Permission denied

The reason for searching the Internet is SELinux. The server is indeed on SELinux, And the configuration file of SELinux is changed to disable. But I don't want to restart the server. There are the following solutions:

Execute the command: setenforce 0

You can disable SELinux without restarting. However, disabling SELinux makes Zend optimizer take effect. After all, it is not a perfect solution. Continue to pay attention.

Documents with SELinux:

About SELinux

SELinux provides a flexible Mandatory Access Control System (MAC) at the Linux kernel level. This mandatory access control system is built on a free access control system (DAC.

DAC means that the system's Secure Access Control is managed by the system administrator root and is not mandatory by the system.

When running Mac, for example, when an application or thread runs with a user UID or suid, it also has access control restrictions on some other objects, such as files and ets) or other threads

Running SELinux Mac kernel can protect the system from malicious program attacks, or the system's own bugs will not have a fatal impact on the system (limiting the impact to a certain extent)

SELinux defines access and transmission permissions for every user, program, process, and file. Manage the interaction between all these objects

For SELinux, you can set the strict degree or completely disable the object during installation as needed.

In most cases, SELinux is completely transparent to users. ordinary users do not feel the existence of SELinux. Only the system administrator needs to consider these user environments and policies. These policies can be deployed as needed or strictly restricted by applications. SELinux provides very specific control policies covering the entire Linux system.

For example, if an object, such as an application, wants to access a file object, the control program in the kernel checks the access Vector cache (AVC) and finds the target and object permissions from here, if no permission definition is found here, you can continue to query the upper and lower associations of the security definition and file permissions, and then decide whether to allow or deny access. If the information AVC: denied appears in var/log/messages, the access is denied.

The security association between the target and the object is determined by the installation policy. These installation policies are also responsible for generating a security list for the system to provide information.

In addition to the running force mode, SELinux can run in the license mode. At this time, after AVC is checked, the rejection is recorded. SELinux does not force this policy.

The following describes SELinux-related tools.

/Usr/bin/setenforce modify the real-time running mode of SELinux

Setenforce 1 sets SELinux to enforcing Mode

Setenforce 0 sets SELinux to permissive Mode

To completely disable SELinux, set SELinux to 0 in/etc/sysconfig/SELinux, or add this parameter to/etc/grub. conf.

/Usr/bin/setstatus-V

View system status

The following is the running output. For more information, see

SELinux status: Enabled

Selinuxfs mount:/SELinux

Current Mode: enforcing

Policy Version: 18

From: http://www.linuxidc.com/Linux/2008-01/10679.htm