selinux开关的位置为:/etc/seliunx/config
直接cat此文件便可以查看到
[root@localhost /]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
其中enforcing表示全部开启,permissive表示会提示需确认,disabled表示全部关闭
这里选择全部关闭,使用sed命令(当然vi最简单)
cp /etc/selinux/comfig /etc/selinux/config.cp.20151001
sed 's@SELINUX=enforcing@SELINUX=disabled@g' /etc/selinux/config
之后cat一下看看
[root@localhost /]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# disabled - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of disabled.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
看到SELINUX=disabled就算完成了
不过是不生效的,需要重启计算机,如果生产环境限制不允许重启,可以添加命令临时修改
[root@localhost /]# setenforce
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@localhost /]# getenforce
Enforcing
[root@localhost /]# setenforce 0
[root@localhost /]# getenforce
Permissive
setenforce只有两个选项,1是enforcing是开启,0是permissive是关闭,改成关闭就可以了
虽然permissive不是disabled,但是警告提示足够临时使用
转载于:https://blog.51cto.com/10552290/1699717