selinux配置文件在/etc/selinux/config
内容如下:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
经常运维的同事都知道,做升级加固的时候,这个东西很是烦人,稍微不注意,就是因为这个参数引起的升级失败,所以我的意见是安装好操作系统的时候,如果有该配置文件,直接将参数设置为
SELINUX=disabled
并重启服务器,因为刚安装好的系统,还不代业务,重启系统不影响,以绝后患,但是不知道这样的想法可行不,希望大家出来讨论。