在安装Cobbler和Puppet时需要关闭selinux,但是通常情况下载安装完CentOS7后,默认情况下SElinux是启用状态,
如下所示:
- [root@rdo ~]# sestatus
- SELinux status: enabled
- SELinuxfs mount: /sys/fs/selinux
- SELinux root directory: /etc/selinux
- Loaded policy name: targeted
- Current mode: enforcing
- Mode from config file: enforcing
- Policy MLS status: enabled
- Policy deny_unknown status: allowed
- Max kernel policy version: 28
1、如果要临时关闭,可以执行
- setenforce 0
此时的状态如下
- [root@rdo ~]# sestatus
- SELinux status: enabled
- SELinuxfs mount: /sys/fs/selinux
- SELinux root directory: /etc/selinux
- Loaded policy name: targeted
- Current mode: permissive
- Mode from config file: enforcing
- Policy MLS status: enabled
- Policy deny_unknown status: allowed
- Max kernel policy version: 28
2、如果要永久关闭,可以修改配置文件/etc/selinux/config,将SELINU置为disabled。
- [root@rdo ~]# cat /etc/selinux/config
- # This file controls the state of SELinux on the system.
- # SELINUX= can take one of these three values:
- # enforcing - SELinux security policy is enforced.
- # permissive - SELinux prints warnings instead of enforcing.
- # disabled - No SELinux policy is loaded.
- #SELINUX=enforcing
- SELINUX=disabled
- # SELINUXTYPE= can take one of three two values:
- # targeted - Targeted processes are protected,
- # minimum - Modification of targeted policy. Only selected processes are protected.
- # mls - Multi Level Security protection.
- SELINUXTYPE=targeted
修改该配置文件也可以执行下面的命令来完成
- sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
修改完成后,保存重启,重启后状态如下:
- [root@rdo ~]# sestatus
- SELinux status: disabled
http://www.centoscn.com/CentOS/config/2015/0618/5681.html