\u5728\u672c\u4e3b\u9898\u4e2d\uff0c\u60a8\u5c06\u5b66\u4e60\u5982\u4f55\u4e34\u65f6\u7981\u7528SELinux\uff0c\u7136\u540e\u5728CentOS 8 Linux\u4e0a\u6c38\u4e45\u7981\u7528\u5b83\u3002<\/p>\n

\u5982\u4f55\u5728CentOS 8\u4e0a\u6682\u65f6\u7981\u7528SELinux<\/strong><\/div>\n
\u5728\u5f00\u59cb\u5728CentOS 8\u4e0a\u7981\u7528SELinux\u4e4b\u524d\uff0c\u8bf7\u52a1\u5fc5\u5148\u68c0\u67e5SELinux\u7684\u72b6\u6001\u3002<\/p>\n
\u4e3a\u6b64\uff0c\u8bf7\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n
[root@localhost www.linuxidc.com]# sestatus\r\nSELinux status:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 enabled\r\nSELinuxfs mount:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/sys\/fs\/selinux\r\nSELinux root directory:\u00a0 \u00a0 \u00a0 \u00a0 \/etc\/selinux\r\nLoaded policy name:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 targeted\r\nCurrent mode:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 enforcing\r\nMode from config file:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 enforcing\r\nPolicy MLS status:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 enabled\r\nPolicy deny_unknown status:\u00a0 \u00a0 allowed\r\nMemory protection checking:\u00a0 \u00a0 actual (secure)\r\nMax kernel policy version:\u00a0 \u00a0 \u00a0 31<\/pre>\n
$\"\"$ <\/p>\n
\u8fd9\u8868\u660eSELinux\u5df2\u542f\u52a8\u5e76\u6b63\u5728\u8fd0\u884c\u3002<\/p>\n
\u8981\u6682\u65f6\u7981\u7528SELinux\uff0c\u8bf7\u8fd0\u884c\u547d\u4ee4\u3002<\/p>\n
# setenforce 0<\/pre>\n
\u53e6\u5916\uff0c\u60a8\u53ef\u4ee5\u8fd0\u884c\u547d\u4ee4\u3002<\/p>\n
# setenforce Permissive<\/pre>\n
\u8fd9\u4e9b\u547d\u4ee4\u4e2d\u7684\u4efb\u4f55\u4e00\u4e2a\u90fd\u5c06\u6682\u65f6\u7981\u7528SELinux\uff0c\u76f4\u5230\u4e0b\u6b21\u91cd\u542f\u4e3a\u6b62\u3002<\/p>\n
\u5982\u4f55\u5728CentOS 8\u4e0a\u6c38\u4e45\u7981\u7528SELinux<\/strong><\/div>\n
\u73b0\u5728\uff0c\u8ba9\u6211\u4eec\u770b\u770b\u5982\u4f55\u6c38\u4e45\u7981\u7528SELinux\u3002 SElinux\u7684\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e\u00a0\/etc\/selinux\/config\u3002 \u56e0\u6b64\uff0c\u6211\u4eec\u9700\u8981\u5bf9\u8be5\u6587\u4ef6\u8fdb\u884c\u4e00\u4e9b\u4fee\u6539\u3002<\/p>\n
# vi \/etc\/selinux\/config<\/pre>\n
\u5c06SELinux\u5c5e\u6027\u8bbe\u7f6e\u4e3aDisabled\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n
# This file controls the state of SELinux on the system.\r\n# SELINUX= can take one of these three values:\r\n#\u00a0 \u00a0 enforcing - SELinux security policy is enforced.\r\n#\u00a0 \u00a0 permissive - SELinux prints warnings instead of enforcing.\r\n#\u00a0 \u00a0 disabled - No SELinux policy is loaded.\r\nSELINUX=disabled<\/strong>\r\n# SELINUXTYPE= can take one of these three values:\r\n#\u00a0 \u00a0 targeted - Targeted processes are protected,\r\n#\u00a0 \u00a0 minimum - Modification of targeted policy. Only selected processes are protected.\r\n#\u00a0 \u00a0 mls - Multi Level Security protection.\r\nSELINUXTYPE=targeted<\/pre>\n
$\"\"$ <\/p>\n
\u4fdd\u5b58\u5e76\u9000\u51fa\u914d\u7f6e\u6587\u4ef6\uff0c\u7136\u540e\u4f7f\u7528\u4ee5\u4e0b\u4efb\u4f55\u547d\u4ee4\u91cd\u65b0\u542f\u52a8CentOS 8 Linux\u7cfb\u7edf\u3002<\/p>\n
# reboot\r\n# init 0\r\n# telinit 0<\/pre>\n
\u73b0\u5728\uff0c\u4f7f\u7528\u547d\u4ee4\u68c0\u67e5SELinux\u7684\u72b6\u6001\u3002<\/p>\n
[linuxidc@localhost www.linuxidc.com]$ sestatus\r\nSELinux status:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 disabled<\/pre>\n
$\"\"$ <\/p>\n
SELinux\u662fCentOS 8\u4e0a\u975e\u5e38\u5173\u952e\u7684\u529f\u80fd\uff0c\u6709\u52a9\u4e8e\u9650\u5236\u672a\u7ecf\u6388\u6743\u7684\u7528\u6237\u8bbf\u95ee\u7cfb\u7edf\u4e0a\u7684\u67d0\u4e9b\u670d\u52a1\u3002<\/p>\n
\u5728\u672c\u6307\u5357\u4e2d\uff0c\u6211\u4eec\u6f14\u793a\u4e86\u5982\u4f55\u5728CentOS 8\u4e0a\u7981\u7528SELinux\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u9664\u914d\u7f6e\u9700\u8981\u7981\u7528SELinux\u7684\u670d\u52a1\u7684\u5b9e\u4f8b\u5916\uff0c\u59cb\u7ec8\u5efa\u8bae\u4fdd\u6301SELinux\u5904\u4e8e\u542f\u7528\u72b6\u6001\u3002<\/p>\n
\u5e0c\u671b\u60a8\u5bf9\u672c\u6307\u5357\u6709\u6240\u4e86\u89e3\u3002 \u4eca\u5929\u5c31\u8fd9\u4e9b\u3002 \u975e\u5e38\u6b22\u8fce\u60a8\u63d0\u4f9b\u53cd\u9988\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5728\u672c\u4e3b\u9898\u4e2d\uff0c\u60a8\u5c06\u5b66\u4e60\u5982\u4f55\u4e34\u65f6\u7981\u7528SELinux\uff0c\u7136\u540e\u5728CentOS 8 Linux\u4e0a\u6c38\u4e45\u7981\u7528\u5b83\u3002 \u5728\u5f00\u59cb\u5728Ce […]<\/p>\n","protected":false},"author":63,"featured_media":165125,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-165120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/165120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/comments?post=165120"}],"version-history":[{"count":2,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/165120\/revisions"}],"predecessor-version":[{"id":165253,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/165120\/revisions\/165253"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/media\/165125"}],"wp:attachment":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/media?parent=165120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/categories?post=165120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/tags?post=165120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}