-
CentOS SELinux: http://wiki.centos.org/zh/HowTos/SELinux
-
SELinux_Howto学习
-
允许root使用authorized_keys登录
/sbin/restorecon -Rv /root/.ssh
-
SELinux重新标签整个文件系统
touch /.autorelabel
reboot
# 假若一个系统在升级至 CentOS-5.2 时停用了 SELinux,然后 SELinux 被启用,重新标签整个文件系统时或许会失败。
# 如果以上的步骤不能正确地将整个文件系统重新标签,请尝试先执行 genhomedircon 这个指令:
genhomedircon
touch /.autorelabel
reboot
-
SELinux造成mysqld启动失败
#/usr/libexec/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13)
# http://bugs.mysql.com/bug.php?id=65413
chcon -R system_u:object_r:mysqld_db_t:s0 /var/lib/mysql/
-
SELinux快速开关
/usr/sbin/setenforce 0 #立刻关闭 SELINUX
/usr/sbin/setenforce 1 #立刻启用 SELINUX
-
Enable or Disable SELinux
http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html
From the command line, you can edit the /etc/sysconfig/selinux file. This file is a symlink to /etc/selinux/config.
The configuration file is self-explanatory. Changing the value of SELINUX or SELINUXTYPE changes the state of SELinux
and the name of the policy to be used the next time the system boots.
[root@host2a ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0