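enforcing: the security policy is enforced, and illegitimate requests from services are blocked
permissive: when a service attempts access beyond its privileges, only a warning is issued and the access is not blocked
disabled: access beyond a service's privileges is neither warned about nor blocked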
```bash
vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

getenforce
Enforcing
# setenforce [0|1] changes the current SELinux running mode
# (0 turns enforcement off, i.e. permissive; 1 turns it on, i.e. enforcing)
setenforce 0
getenforce
Permissive
firefox
setenforce 1
ls -Zd /var/www/html
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
ls -Zd /home/wwwroot
drwxrwxrwx. root root unconfined_u:object_r:home_root_t:s0 /home/wwwroot
```
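The semanage command manages SELinux policy: it can not only set the policy for files and directories, as the traditional chcon command does, but also manage network ports and message interfaces.
-l queries
-a adds
-m modifies
-d deletes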
```bash
semanage fcontext -a -t httpd_sys_content_t /home/wwwroot
# semanage fcontext takes a regular expression; quote it so the shell does not
# expand it as a glob. "(/.*)?" covers everything below the directory.
semanage fcontext -a -t httpd_sys_content_t "/home/wwwroot(/.*)?"
restorecon -Rv /home/wwwroot/
restorecon reset /home/wwwroot context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /home/wwwroot/index.html context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
firefox
systemctl enable httpd
```
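An added example, not part of the original page: shell functions (their names are assumptions) that check for the two conditions the commands above deal with, a runtime mode that no longer matches /etc/selinux/config after `setenforce 0`, and a directory whose context type is not `httpd_sys_content_t`. The sample input is constructed from the output shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are assumptions.
# All sample input below is constructed; on a real host feed in
# /etc/selinux/config, "$(getenforce)" and `ls -Zd <path>` output instead.

# Persistent mode: value of the last uncommented SELINUX= line on stdin.
config_mode() {
    awk -F= '/^[[:space:]]*SELINUX=/ { gsub(/[[:space:]]/, "", $2); m = tolower($2) }
             END { print m }'
}

# Compare persistent mode ($1) with runtime mode ($2, as printed by getenforce).
mode_finding() {
    local cfg=$1 rt
    rt=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$cfg" = enforcing ] && [ "$rt" = enforcing ]; then
        echo "ok: enforcing now and after reboot"
    elif [ "$cfg" = enforcing ]; then
        echo "drift: config=enforcing runtime=$rt"; return 1
    else
        echo "weak: config=$cfg runtime=$rt"; return 1
    fi
}

# Read `ls -Zd` lines on stdin; print "path type" where the type field of the
# user:role:type:level context differs from the expected type ($1).
# Assumes paths without spaces.
mislabeled() {
    awk -v want="$1" '{
        for (i = 1; i <= NF; i++)
            if (split($i, c, ":") >= 4) { if (c[3] != want) print $NF, c[3]; next }
    }'
}

# Constructed sample input.
sample_config='# SELINUX= can take one of these three values:
SELINUX=enforcing
SELINUXTYPE=targeted'
sample_ls='drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html
drwxrwxrwx. root root unconfined_u:object_r:home_root_t:s0 /home/wwwroot'

mode_finding "$(printf '%s\n' "$sample_config" | config_mode)" Permissive || true
printf '%s\n' "$sample_ls" | mislabeled httpd_sys_content_t
```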
Copyright ©2010-2022 比特日记 All Rights Reserved.