Centos

CentOS 上的 SELinux 無法正常工作

  • July 14, 2015

我是 CentOS 的新手並嘗試啟用 SELinux,但它在重啟後無法正常工作,如https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part所述-1-基本概念

每次重新啟動後我收到的唯一錯誤消息是:

master:~# cat /var/log/messages | grep "SELinux"
Jul 14 22:11:48 master kernel: SELinux:  Disabled at boot.

據Google告訴我,這意味著我的配置文件有 SELINUX=0 / SELINUX=disabled。但我的配置文件應該是正確的:

master:~# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

我發現所描述的 /etc/sysconfig/selinux 符號連結不存在很奇怪,因此它創建了指向 /etc/selinux/config 的符號連結:

master:~# ls -l /etc/sysconfig/ | grep selinux
lrwxrwxrwx 1 root root   19 Jul 14 22:18 selinux -> /etc/selinux/config

系統詳細資訊:新安裝的最小 CentOS 7 和目前更新:

master:~# uname -a
Linux master 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

我還安裝了上面連結中描述的軟體包:

yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

知道如何調試嗎?除了更改配置文件並重新啟動之外,我找不到任何其他方法來啟用 SELinux,這可能是什麼問題?可能缺少核心模組嗎?

編輯:

罪魁禍首:

master:~# cat /etc/sysconfig/grub
GRUB_TIMEOUT=5
GRUB_DEFAULT=""
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rootflags=uquota,gquota acpi=ht crashkernel=auto selinux=0 nodmraid rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

SELinux 在您的核心命令行上被禁用,有人插入selinux=0.

要解決此問題,請將其從 中刪除/etc/sysconfig/grub重新生成 grub 配置,然後重新啟動。

您還應該向製作此圖像的人抱怨,因為這是一個非常討厭的把戲……

引用自:https://serverfault.com/questions/705758