Unit Tenth
Management of SELinux
one display and change SELINUX mode
Getenforce # # #显示selinux模式
Setenforce 0|1 # #0指permissive警告, 1 means enforcing mandatory # # #
650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/92/C4/wKioL1kC1SLhY0tLAADcaf_SKsI192.png "title=" Screenshot from 2017-04-27 11-30-00.png "alt=" Wkiol1kc1slhy0tlaadcaf_sksi192.png "/>
Vim/etc/sysconfig/selinux # # #修改selinux开机状态 # # #
650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M00/92/C5/wKiom1kC1Tih2fX0AAFpa-fifHA118.png "title=" Screenshot from 2017-04-27 11-32-27.png "alt=" Wkiom1kc1tih2fx0aafpa-fifha118.png "/>
Note:disable indicates off, enforcing indicates coercion, permissive indicates warning, disable state switches to permissive state or enforcing state to restart system
two displaying the SELinux file context
1 assigns the context of the parent directory to the newly created file. This works for commands such as VIMCP and touch, but if the file is created elsewhere and retains permissions (as with MV or CP-A), the SELinux context is also preserved
2 Display Context
PS Axz
Ps-zc
Ls-z
three modifying the SELinux security context
Chcon-t
650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M01/92/C5/wKiom1kC1U3whruMAAKTWYIHKGw610.png "title=" Screenshot from 2017-04-27 11-50-18.png "alt=" Wkiom1kc1u3whrumaaktwyihkgw610.png "/>
Management of SELinux