SELinux: switching between permissive, enforcing and disabled modes

Source: Internet
Author: User

When installing Intel's C++ and Fortran compilers on CentOS 6.2, the installation could not run with SELinux in enforcing mode.
SELinux had to be disabled or switched from enforcing to permissive mode. After looking up some material, I summarized the SELinux modes, how they relate to each other, and how to switch between them, for later reference and study.






Enforcing: enforcing mode. SELinux is running and is actively restricting domain/type access.
Permissive: permissive mode. SELinux is running, but it only logs warning messages and does not actually restrict domain/type access. This mode can be used for debugging SELinux.
Disabled: off. SELinux is not running at all.

2. View the SELinux mode
# getenforce
Enforcing                              <== shows that the current mode is enforcing
3. View the SELinux policy
# sestatus
SELinux status:                 enabled     <== whether SELinux is enabled
SELinuxfs mount:                /selinux    <== mount point for SELinux-related file data
Current mode:                   enforcing   <== current mode
Mode from config file:          enforcing   <== mode specified in the config file
Policy version:                 21
Policy from config file:        targeted    <== the policy currently in use







Likewise, switching SELinux from disabled back to enabled also requires a reboot. So if getenforce reports Disabled, change the setting in the file above to enforcing.
[Key point] To enable SELinux, the following two conditions must be met:
To enable SELinux, set SELINUX=enforcing and SELINUXTYPE=targeted in the file above, then check /boot/grub/menu.lst to see whether the kernel command line turns SELinux off.

# vi /boot/grub/menu.lst
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/1 rhgb quiet selinux=0
        initrd /initrd-2.6.18-92.el5.img

# To enable SELinux, selinux=0 must not appear on the kernel line!
[Question] From the above we know that disabling SELinux at boot requires restarting the computer. What if we do not want to reboot and do not want SELinux enforcing?
Answer: switch from enforcing mode to permissive mode!
# setenforce [0|1]
Options and parameters:
0: switch to permissive mode;
1: switch to enforcing mode

Example 1: Switch SELinux between enforcing and permissive and check the result
# setenforce 0
# getenforce
Permissive
# setenforce 1
# getenforce
Enforcing

6. View the SELinux type of running processes
# ps aux -Z
LABEL                             USER  PID %CPU %MEM   VSZ  RSS TTY STAT START TIME COMMAND
system_u:system_r:init_t          root    1  0.0  0.4  2060  520 ?   Ss   May07 0:02 init [5
system_u:system_r:kernel_t        root    2  0.0  0.0     0    0 ?   S<   May07 0:00 [migra]
system_u:system_r:kernel_t        root   11  0.0  0.0     0    0 ?   S<   May07 0:00 [kacpi]
system_u:system_r:auditd_t        root 4022  0.0  0.4 12128  560 ?   S<sl May07 0:01 auditd
system_u:system_r:auditd_t        root 4024  0.0  0.4 13072  628 ?   S<sl May07 0:00 /sbin/a
system_u:system_r:restorecond_t   root 4040  0.0  4.4 10284 5556 ?   Ss   May07 0:00 /usr/sb

Note: we do not actually need to worry about these labels; they are built into SELinux. It is enough to learn how to switch between enforcing and permissive modes.



Summary:

To disable SELinux:
Change the SELINUX= setting in /etc/selinux/config to disabled, then reboot.
If you do not want to reboot the system, use the command setenforce 0.
Note:
setenforce 1 sets SELinux to enforcing mode
setenforce 0 sets SELinux to permissive mode
Adding selinux=0 to the LILO or GRUB boot parameters also turns SELinux off.

#---------------------------------------------------------------
To view the SELinux status:
/usr/sbin/sestatus -v
Output:
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted
getenforce/setenforce: view and set the current SELinux operating mode
#-----------------------------------------------------------------------
A service was found to stop immediately after starting. Searching online turned up the advice to disable SELinux before installing MySQL. The steps are:

1. Turn off SELinux and restart the system;
2. Install MySQL (MySQL server should be able to start up);
3. Enable SELinux, restart the system, and then MySQL server will start normally.

To enable or disable SELinux:

vi /etc/selinux/config (some people say the file is /etc/sysconfig/selinux; in fact one is a link to the other, so changing either one changes both)

SELINUX=disabled    disables SELinux

SELINUX=enforcing   enables SELinux


How to quickly turn off SELinux on CentOS

SELinux is a mandatory access control (MAC) security system based on the domain-type model. It was written by the NSA and designed as a kernel module; some security-related applications have also been patched for SELinux, and there is a corresponding security policy. Although the CentOS system is relatively safe and stable compared to others, my experience from long-term Linux practice is that SELinux is the natural enemy of PHP.

The default security configuration of CentOS often causes inexplicable problems. SELinux, for example, is meant to control permissions as a security subsystem, but many of its restrictions are hard to trace. The following methods switch SELinux off quickly.

/usr/sbin/setenforce 0    switch SELinux to permissive mode immediately

/usr/sbin/setenforce 1    switch SELinux to enforcing mode immediately

Add it to the system's boot-time startup script:

echo "/usr/sbin/setenforce 0" >> /etc/rc.local

This lets us quickly turn SELinux off on CentOS when we do not need it, and turn it back on when needed.
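The settings covered in this article (SELINUX= in /etc/selinux/config, selinux=0 on the kernel line, setenforce 0 in /etc/rc.local, and a runtime mode that differs from the config file) can be checked in one pass. The following is an added example, not part of the original article: the function names and sample inputs are constructed, and enforcing=0 is a real kernel parameter that the article does not mention.

```shell
#!/bin/sh
# Added example: list every setting from this article that weakens SELinux.
# Inputs are passed as text so the check also runs on saved copies of the files.

# config_value KEY TEXT -> last uncommented KEY=value in TEXT, lowercased
config_value() {
    printf '%s\n' "$2" \
        | sed -n "s/^[[:space:]]*$1=[[:space:]]*\([A-Za-z]*\).*/\1/p" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# audit_selinux CONFIG_TEXT KERNEL_CMDLINE RCLOCAL_TEXT [GETENFORCE_OUTPUT]
audit_selinux() {
    mode=$(config_value SELINUX "$1")
    type=$(config_value SELINUXTYPE "$1")
    case "$mode" in
        enforcing) ;;
        permissive|disabled) echo "config: SELINUX=$mode" ;;
        *) echo "config: SELINUX missing or invalid" ;;
    esac
    [ -n "$type" ] || echo "config: SELINUXTYPE not set"
    for arg in $2; do
        case "$arg" in
            selinux=0)   echo "kernel: selinux=0 disables SELinux at boot" ;;
            enforcing=0) echo "kernel: enforcing=0 boots in permissive mode" ;;
        esac
    done
    # An uncommented "setenforce 0" in rc.local drops enforcement on every boot.
    if printf '%s\n' "$3" | grep -Eq '^[^#]*setenforce[[:space:]]+0([[:space:]]|$)'; then
        echo "rc.local: setenforce 0 runs at every boot"
    fi
    # Runtime drift: what getenforce reports differs from the configured mode.
    runtime=$(printf '%s' "${4:-}" | tr 'A-Z' 'a-z')
    [ -z "$runtime" ] || [ "$runtime" = "$mode" ] \
        || echo "runtime: $runtime but config says $mode"
}

# Constructed sample inputs; the kernel line is the one shown in menu.lst above.
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted'
SAMPLE_CMDLINE='ro root=LABEL=/1 rhgb quiet selinux=0'
SAMPLE_RCLOCAL='touch /var/lock/subsys/local
/usr/sbin/setenforce 0'

audit_selinux "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE" "$SAMPLE_RCLOCAL" Permissive
```

On a live system, pass "$(cat /etc/selinux/config)", "$(cat /proc/cmdline)", "$(cat /etc/rc.local)" and "$(getenforce)" as the four arguments; no output means none of these settings is weakening SELinux.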
