SELinux permissive, enforcing and disabled modes, and switching between them

Source: Internet
Author: User
When installing the Intel C++ and Fortran compilers on CentOS 6.2, you run into a situation where the installation cannot proceed while SELinux is in enforcing mode.
SELinux has to be turned off, or changed from enforcing to permissive mode. After looking up some material, this is a summary of the SELinux modes, how they relate to each other and how to switch between them, for later reference and study.

SELinux startup, shutdown and status

1. Not all Linux distributions support SELinux.
SELinux currently supports three modes:

enforcing: SELinux is running and is actually restricting domain/type access.
permissive: SELinux is running, but it only produces warning messages and does not actually restrict domain/type access. This mode can be used for debugging SELinux.
disabled: SELinux is turned off and is not actually running.
 
 
2. View the SELinux mode
# getenforce
Enforcing <== the current mode is enforcing

3. View the SELinux policy
[root@master oracle]# sestatus
SELinux status:          enabled    <== whether SELinux is started
SELinuxfs mount:         /selinux   <== mount point of the SELinux-related files
Current mode:            enforcing  <== the current mode
Mode from config file:   enforcing  <== the mode specified in the configuration file
Policy version:          21
Policy from config file: targeted   <== the current policy

4. Adjust SELinux parameters through the configuration file
[root@www ~]# vi /etc/selinux/config
SELINUX=enforcing <== can be set to enforcing|disabled|permissive
SELINUXTYPE=targeted <== currently only targeted and strict are available
 
5. Starting and stopping SELinux
Important: the settings above are the default policy and startup mode. Note that changing the policy requires a reboot, and changing from enforcing or permissive to disabled, or from disabled to either of the other two, also requires a reboot. This is because SELinux is integrated into the kernel: while SELinux is running you can only switch between enforcing and permissive mode, and you cannot turn SELinux off directly.
Likewise, going from the disabled state to an enabled state requires a reboot. So if getenforce reports Disabled, change the setting in the file above to enforcing.

Key point: to start SELinux, two conditions must be met. Set SELINUX=enforcing and SELINUXTYPE=targeted in the file above, and check /boot/grub/menu.lst to see whether the kernel line turns SELinux off.
[root@www ~]# vi /boot/grub/menu.lst
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.el5)
      root (hd0,0)
      kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/1 rhgb quiet selinux=0
      initrd /initrd-2.6.18-92.el5.img
# If you want to start SELinux, selinux=0 must not appear on the kernel line.
Question: from the above we know that changing a running SELinux to disabled requires a reboot. What can we do if we do not want to reboot and also do not want SELinux turned on?
Answer: change enforcing mode to permissive mode.
[root@www ~]# setenforce [0|1]
Options and parameters:
0: switch to permissive mode
1: switch to enforcing mode

Example 1: switch SELinux between enforcing and permissive and check the result
[root@www ~]# setenforce 0
[root@www ~]# getenforce
Permissive
[root@www ~]# setenforce 1
[root@www ~]# getenforce
Enforcing

6. View the type settings of running programs
[root@master oracle]# ps aux -Z
LABEL                            USER  PID %CPU %MEM   VSZ  RSS TTY STAT START TIME COMMAND
system_u:system_r:init_t         root    1  0.0  0.4  2060  520 ?   Ss   May07 0:02 init [5
system_u:system_r:kernel_t       root    2  0.0  0.0     0    0 ?   S<   May07 0:00 [migra]
system_u:system_r:kernel_t       root   11  0.0  0.0     0    0 ?   S<   May07 0:00 [kacpi]
system_u:system_r:auditd_t       root 4022  0.0  0.4 12128  560 ?   S<sl May07 0:01 auditd
system_u:system_r:auditd_t       root 4024  0.0  0.4 13072  628 ?   S<sl May07 0:00 /sbin/a
system_u:system_r:restorecond_t  root 4040  0.0  4.4 10284 5556 ?

Note: in fact we do not need to manage these ourselves; they are all set up by SELinux.

It is enough to learn how to switch between enforcing and permissive mode.
Summary:

Ways to turn off SELinux:
Change SELINUX= in the /etc/selinux/config file to disabled and reboot.
If you do not want to reboot the system, use the command setenforce 0.
Note:
setenforce 1 sets SELinux to enforcing mode
setenforce 0 sets SELinux to permissive mode
Adding selinux=0 to the LILO or GRUB boot parameters also turns SELinux off.

#---------------------------------------------------------------
View the SELinux status:
/usr/sbin/sestatus -v
Output:
SELinux status:                  enabled
SELinuxfs mount:                 /selinux
Current mode:                    permissive
Mode from config file:           enforcing
Policy version:                 
Policy from config file:         targeted

getenforce/setenforce: view and set SELinux's current working mode
#---------------------------------------------------------------
The service turned out to stop immediately after starting. Searching online showed that SELinux should be disabled before installing MySQL. The steps are:

1. Turn off SELinux and reboot the system;
2. Install MySQL (the MySQL server should now be able to start);
3. Enable SELinux and reboot the system; the MySQL server can then be started normally.

SELinux is disabled and enabled as follows:

vi /etc/selinux/config (some people say the file is /etc/sysconfig/selinux; in fact one is a link to the other, so changing either one changes both)

SELINUX=disabled    disables SELinux

SELINUX=enforcing   enables SELinux

How to quickly turn off SELinux on a CentOS system
SELinux is a mandatory access control (MAC) security system based on a domain-type model. It was written by the NSA and designed as a kernel module included in the kernel; some security-related applications have also been patched for SELinux, and finally there is a corresponding security policy. Although the CentOS system is relatively safe and stable compared with other systems, my experience in long-term Linux practice is that SELinux is a natural enemy of PHP.


The default security configuration of a CentOS system often causes inexplicable problems. SELinux, for example, handles permission control for the security subsystem, but its many restrictions are not obvious. The following methods quickly turn SELinux off.

/usr/sbin/setenforce 0    stops SELinux enforcement immediately (permissive mode)

/usr/sbin/setenforce 1    enables SELinux enforcement immediately


To apply this at every boot, add it to the system startup script:

echo "/usr/sbin/setenforce 0" >> /etc/rc.local


In this way, when SELinux is not needed on a CentOS system it can be turned off quickly, and turned back on when it is needed.
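This page changes SELinux state in three persistent places (SELINUX= in /etc/selinux/config, selinux=0 on the kernel line of /boot/grub/menu.lst, and a setenforce 0 line in /etc/rc.local), and any of them can disagree with what getenforce reports. The check below is an added example, not code from the original page: the function names are hypothetical, the sample files are constructed, and file paths are passed as arguments so that it can be run against copies.

```sh
#!/bin/sh
# Added example: compare the running SELinux mode with the boot-time settings.

# SELINUX= value from a config file (last assignment wins), lowercased.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# True if any kernel line in a GRUB menu.lst carries selinux=0.
grub_disables() {
    grep -Eq '^[[:space:]]*kernel[[:space:]].*[[:space:]]selinux=0([[:space:]]|$)' "$1"
}

# True if an uncommented line of a boot script runs "setenforce 0".
rc_forces_permissive() {
    grep -Eq '^[^#]*setenforce[[:space:]]+0([[:space:]]|;|$)' "$1"
}

# Mode after the next boot: mode_after_reboot <config> <menu.lst> <rc.local>
mode_after_reboot() {
    mode=$(config_mode "$1")
    case "$mode" in enforcing|permissive|disabled) ;; *) echo invalid; return ;; esac
    if grub_disables "$2"; then mode=disabled; fi
    if [ "$mode" = enforcing ] && rc_forces_permissive "$3"; then mode=permissive; fi
    echo "$mode"
}

# audit <getenforce output> <config> <menu.lst> <rc.local>
audit() {
    running=$(echo "$1" | tr 'A-Z' 'a-z')
    boot=$(mode_after_reboot "$2" "$3" "$4")
    if [ "$boot" = invalid ]; then echo "ERROR: unrecognized SELINUX= value"
    elif [ "$running" = "$boot" ]; then echo "OK: $running"
    elif [ "$running" = disabled ] || [ "$boot" = disabled ]; then
        echo "DRIFT: running=$running boot=$boot (reboot required)"
    else echo "DRIFT: running=$running boot=$boot (switchable without reboot)"
    fi
}

# Constructed sample files, so the example runs offline.
d=$(mktemp -d)
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$d/config"
printf 'title CentOS\n  kernel /vmlinuz ro root=LABEL=/1 rhgb quiet\n' > "$d/menu.lst"
printf 'touch /var/lock/subsys/local\n/usr/sbin/setenforce 0\n' > "$d/rc.local"
audit Enforcing "$d/config" "$d/menu.lst" "$d/rc.local"
rm -rf "$d"
```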
