CentOS7中关闭selinux

分类:CentOS教程 阅读:69521 次

在安装Cobbler和Puppet时需要关闭selinux,但是通常情况下载安装完CentOS7后,默认情况下SElinux是启用状态,

如下所示:

  1. [root@rdo~]#sestatus
  2. SELinuxstatus:enabled
  3. SELinuxfsmount:/sys/fs/selinux
  4. SELinuxrootdirectory:/etc/selinux
  5. Loadedpolicyname:targeted
  6. Currentmode:enforcing
  7. Modefromconfigfile:enforcing
  8. PolicyMLSstatus:enabled
  9. Policydeny_unknownstatus:allowed
  10. Maxkernelpolicyversion:28

1、如果要临时关闭,可以执行

  1. setenforce0

此时的状态如下

  1. [root@rdo~]#sestatus
  2. SELinuxstatus:enabled
  3. SELinuxfsmount:/sys/fs/selinux
  4. SELinuxrootdirectory:/etc/selinux
  5. Loadedpolicyname:targeted
  6. Currentmode:permissive
  7. Modefromconfigfile:enforcing
  8. PolicyMLSstatus:enabled
  9. Policydeny_unknownstatus:allowed
  10. Maxkernelpolicyversion:28
2、如果要永久关闭,可以修改配置文件/etc/selinux/config,将SELINU置为disabled。
  1. [root@rdo~]#cat/etc/selinux/config
  2. #ThisfilecontrolsthestateofSELinuxonthesystem.
  3. #SELINUX=cantakeoneofthesethreevalues:
  4. #enforcing-SELinuxsecuritypolicyisenforced.
  5. #permissive-SELinuxprintswarningsinsteadofenforcing.
  6. #disabled-NoSELinuxpolicyisloaded.
  7. #SELINUX=enforcing
  8. SELINUX=disabled
  9. #SELINUXTYPE=cantakeoneofthreetwovalues:
  10. #targeted-Targetedprocessesareprotected,
  11. #minimum-Modificationoftargetedpolicy.Onlyselectedprocessesareprotected.
  12. #mls-MultiLevelSecurityprotection.
  13. SELINUXTYPE=targeted

修改该配置文件也可以执行下面的命令来完成
  1. sed-i'/SELINUX/s/enforcing/disabled/'/etc/selinux/config

修改完成后,保存重启,重启后状态如下:

  1. [root@rdo~]#sestatus
  2. SELinuxstatus:disabled