selinux操作

setenforce 0 关闭SELinux

setenforce 1 临时打开SELinux

getenforce 查看SELinux状态

永久关闭SELinux ：

# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# default - equivalent to the old strict and targeted policies
# mls     - Multi-Level Security (for military and educational use)
# src     - Custom policy built from source
#SELINUXTYPE=default
#SELINUXTYPE=ubuntu
SELINUXTYPE=g6s-policy

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=

上面改为SELINUX=disabled  #可以关闭selinux,免得每次启动都要setenforce 0关闭selinux

查看selinux策略

# sestatus
SELinux status:                 enabled         若上面将SELINUX改为disabled，这里就是disabled，getenforce也是
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux    相关的配置等文件会放在这里面
Loaded policy name:             my-policy
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              disabled
Policy deny_unknown status:     denied
Memory protection checking:     actual (secure)
Max kernel policy version: