Fedora
selinux 已禁用,但仍在執行?
我有一些系統,出於各種原因,我們希望完全禁用 selinux。迄今為止,這一直是個不錯的選擇,總是在 kickstarts 中使用 selinux=0 並確保 /etc/sysconfig/selinux 包含:
SELINUX=disabled
但是到今天為止,我有一台已正確設置的 Fedora 17 工作站,但在多次重新啟動後,它總是以強制模式出現:
# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted # getenforce Enforcing
什麼可能導致 selinux 忽略 sysconfig 條目,或者儘管它啟動?
$$ Edit 1 $$ 我在這裡看到了一個相關的問題並嘗試了這個:
# selinuxenabled ; echo $? 0 # getenforce Enforcing
實際的配置文件是/ etc/sysconfig/selinux連結到的*/etc/sellinux/config 。*看來您可能已經失去了連結並最終得到了一個正常文件。
驗證:
# ls -l /etc/sysconfig/selinux lrwxrwxrwx. 1 root root 17 Dec 22 18:59 /etc/sysconfig/selinux -> ../selinux/config
或檢查*/etc/selinux/config的內容*