在linux kernel 2.6的系统（如as4、fc3）里常见
命令setenforce 0可以直接干掉selinux 直接生效
You've setup a new system, or installed something new on your Linux system and its not working. You get the feeling that SELinux is the cause of the problem. This page was written to help.
Should you really disable SELinux?
Temporarily switch off enforcement
Fully Disabling SELinux
here, which states clearly that applications should be fixed to work with SELinux, rather than disabling the OS security mechanism.
You need to decide if you want to disable SELinux temporarily to test the problem, or permanently switch it off. It may also be a better option to make changes to the policy to permit the operations that are being blocked - but this requires knowledge of writing policies and may be a steep learning curve for some people. For the operating system as a whole, there is two kinds of disabling:
- Permissive - switch the SELinux kernel into a mode where every operation is allowed. Operations that would be denied are allowed and a message is logged identifying that it would be denied. The mechanism that defines labels for files which are being created/changed is still active.
- Disabled - SELinux is completely switched off in the kernel. This allows all operations to be permitted, and also disables the process which decides what to label files & processes with.
To check what mode the system is in,which will print a "0" or "1" for permissive or enforcing - probably printed at the beginning of the line of the command prompt.
In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and you will see some lines like this:... just change SELINUX=enforcing to SELINUX=permissive, and you're done. Reboot if you want to prove it.
For the other Linuxes which don't have the /etc/selinux/config file, you just need to edit the kernel boot line, usually in /boot/grub/grub.conf if you're using the GRUB boot loader. On the kernel line, add enforcing=0 at the end. For example,
In Fedora Core and RedHat Enterprise, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled:... and then reboot the system.
For the other Linuxes which don't have the /etc/selinux/config file, you just need to edit the kernel boot line, usually in /boot/grub/grub.conf, if you're using the GRUB boot loader. On the kernel line, add selinux=0 at the end. For example,You will have to reboot to disable SELinux, you just can't do it while the system is running.
What you need to do is to enable SELinux by editing /etc/selinux/config (for Fedora/RedHat) or by adding selinux=1 to the kernel boot line, then boot into permissive mode, then relabel everything, and then reboot into (or simply switch to) enforcing mode.
After booting into permissive mode, run fixfiles relabel
Alternatively, in Fedora and RedHat Enterprise Linux you can run touch /.autorelabel and reboot or put autorelabel on the boot command line - in both cases the file system gets a full relabel early in the boot process. Note that this can take quite some time for systems with a large number of files.After relabelling the filesystem, you can switch to enforcing mode (see above) and your system should be fully enforcing again.