Selinux

Why do SELinux errors appear in permissive mode?

  • November 25, 2021

I have set SELinux to permissive on CentOS 8 Stream, but there are still a bunch of red lines in the logs, for example:

SELinux is preventing /usr/lib/systemd/systemd from name_connect access on the tcp_socket port 80

Are these real, or are they just printouts of what would happen if it were in restrictive mode?

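According to the documentation:

When SELinux is running in permissive mode, SELinux policy is not enforced. The system remains operational and SELinux does not deny any operations but only logs AVC messages, which can then be used for troubleshooting, debugging, and SELinux policy improvements.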

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/changing-selinux-states-and-modes_using-selinux

See also /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=permissive

Source: https://serverfault.com/questions/1084606
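
The raw AVC records in the audit log carry a permissive= field that says whether a logged denial was only recorded or actually enforced, which is the distinction the question asks about. The following is an added example, not part of the original question or answer: a small parser that separates the two cases. The sample records are constructed, and the names parse_avc and summarize are hypothetical.

```python
import re
from collections import Counter

# Constructed records in audit.log AVC format (sample data, not from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1637836800.101:201): avc:  denied  { name_connect } for  pid=1 comm="systemd" dest=80 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1637836805.220:202): avc:  denied  { read } for  pid=2311 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1637836805.220:202): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1637836810.007:203): avc:  denied  { name_connect } for  pid=1 comm="systemd" dest=80 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=1
"""

# Matches one AVC denial; the trailing permissive= field is optional
# because older kernels do not emit it.
AVC_RE = re.compile(
    r'^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}'
    r'.*?\bcomm="(?P<comm>[^"]*)"'
    r'.*?\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
    r'\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?'
)

OUTCOME = {"1": "logged_only", "0": "blocked", None: "unknown"}


def parse_avc(line):
    """Return the fields of one AVC denial record, or None for any other line."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # permissive=1: the access was allowed and only logged.
    # permissive=0: the access was actually denied.
    # Field absent: the record alone cannot tell which happened.
    rec["outcome"] = OUTCOME[rec["permissive"]]
    return rec


def summarize(log_text):
    """Count denials per (outcome, comm, permissions, class)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["outcome"], rec["comm"], rec["perms"], rec["tclass"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_AUDIT_LOG).items()):
        print(n, *key)
```

The "logged_only" entries are the ones that would turn into real denials if the same policy were enforced.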