因为没有关闭selinux,通常情况下载安装完CentOS7后,默认情况下SElinux是启用状态。
[root@rdo ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
如果要临时关闭,可以执行:setenforce 0
此时状态如下:
[root@rdo ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed Max kernel policy version: 28
如果要永久关闭,可以修改配置文件/etc/selinux/config,将原SELINUX=enforcing修改为SELINU=disabled。
[root@rdo ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection. SELINUXTYPE=targeted
修改该配置文件也可以执行下面的命令来完成:
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
修改完成后,保存重启,重启状态如下:
[root@rdo ~]# sestatus
SELinux status: disabled
原文链接:https://blog.youkuaiyun.com/eclothy/article/details/48265445
扫一扫
1786
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
