[Email protected] ~]$ Cat/etc/selinux/config
# This file controls the state of the SELinux on the system.
# selinux= can take one of these three values:
# Enforcing-selinux security policy is enforced.
# Permissive-selinux Prints warnings instead of enforcing.
# disabled-no SELinux policy is loaded.
Selinux=enforcing
# selinuxtype= can take one of these the values:
# targeted-targeted processes is protected,
# Mls-multi level Security protection.
selinuxtype=targeted
method to turn off SELinux:
Modify the Selinux= "" in the/etc/selinux/config file to Disabled, and then restart.
If you do not want to restart the system, use the command Setenforce 0
Note:
Setenforce 1 set SELinux to be enforcing mode
Setenforce 0 set SELinux as permissive mode /p>
2. View the SELinux mode
# Getenforce
Enforcing <== shows that the current pattern is enforcing
3. View the SELinux policy
# Sestatus
SELinux status:enabled <== whether to start SELinux
SELINUXFS Mount:/selinux <==selinux related file data mount point
Current mode:enforcing <== mode
Mode from config file:enforcing <== profiles specified
Policy version:21
Policy from config file:targeted
"Focus" If you want to start selinux you must meet the following two points:
So, if you want to start SELinux, please set the above selinux=enforcing, and specify selinuxtype=targeted this setting, and go to/boot/grub/menu.lst this file, See if the core is off SELinux?
[Email protected] ~]# Vi/boot/grub/menu.lst
Default=0
Timeout=5
Splashimage= (hd0,0)/grub/splash.xpm.gz
Hiddenmenu
Title CentOS (2.6.18-92.EL5)
Root (hd0,0)
Kernel/vmlinuz-2.6.18-92.el5 ro root=label=/1 rhgb quiet selinux=0
Initrd/initrd-2.6.18-92.el5.img
# If you want to start SELinux, you can not appear selinux=0 the words behind kernel!
"Problem" Through the above study we know that if the startup of SELinux to disable, need to restart the computer, we do not want to restart the computer and do not want to open selinux what to do?
Answer will change the forced mode to loose mode!
[Email protected] ~]# Setenforce [0|1]
Options and Parameters:
0: Turn into permissive tolerant mode;
1: Turn into enforcing force mode
Example one: Switch SELinux between enforcing and permissive and view
[Email protected] ~]# Setenforce 0
[Email protected] ~]# Getenforce
Permissive
[Email protected] ~]# Setenforce 1
[Email protected] ~]# Getenforce
Enforcing
6. View the startup program's type settings
[[Email protected] oracle]# PS aux-z
LABEL USER PID%cpu%MEM VSZ RSS TTY STAT START time COMMAND
system_u:system_r:init_t Root 1 0.0 0.4 2060 520? Ss May07 0:02 Init [5
system_u:system_r:kernel_t Root 2 0.0 0.0 0 0? s< May07 0:00 [Migra]
system_u:system_r:kernel_t Root 11 0.0 0.0 0 0? s< May07 0:00 [KACPI]
system_u:system_r:auditd_t root 4022 0.0 0.4 12128 560? S<SL May07 0:01 AUDITD
system_u:system_r:auditd_t root 4024 0.0 0.4 13072 628? S<SL May07 0:00/sbin/a
system_u:system_r:restorecond_t Root 4040 0.0 4.4 10284 5556? Ss May07 0:00/USR/SB
Description: In fact, these things we do not care, are selinux built-in. Just learn to convert between forced and loose modes!
Methods for Linux server to turn off SELinux