next up previous contents
Next: SELinux Contexts Up: SELinux Previous: 設計原由   Contents


  1. SELinux 開機啟動模式
    [root@kvm7 ~]# vim /etc/selinux/config 
    [root@kvm7 ~]# cat /etc/selinux/config 
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
  2. 關察目前 SELinux 狀態
    [root@kvm7 ~]# sestatus 
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
  3. 改變 SELinux 模式
    [root@kvm7 ~]# getenforce 
    [root@kvm7 ~]# setenforce 1
    [root@kvm7 ~]# getenforce 

De-Yu Wang 2018-11-30