Fedora

selinux 已禁用,但仍在執行?

  • February 13, 2018

我有一些系統,出於各種原因,我們希望完全禁用 selinux。迄今為止,這一直是個不錯的選擇,總是在 kickstarts 中使用 selinux=0 並確保 /etc/sysconfig/selinux 包含:

SELINUX=disabled

但是到今天為止,我有一台已正確設置的 Fedora 17 工作站,但在多次重新啟動後,它總是以強制模式出現:

# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

# getenforce
Enforcing

什麼可能導致 selinux 忽略 sysconfig 條目,或者儘管它啟動?

$$ Edit 1 $$ 我在這裡看到了一個相關的問題並嘗試了這個:

# selinuxenabled ; echo $?
0
# getenforce
Enforcing

實際的配置文件是/ etc/sysconfig/selinux連結到的*/etc/sellinux/config 。*看來您可能已經失去了連結並最終得到了一個正常文件。

驗證:

# ls -l /etc/sysconfig/selinux
lrwxrwxrwx. 1 root root 17 Dec 22 18:59 /etc/sysconfig/selinux -> ../selinux/config

或檢查*/etc/selinux/config的內容*

引用自:https://serverfault.com/questions/500957