Differences between two versions of the page are shown.
|
linux:selinux [2011/10/10 14:15] linko22@gmail.com [Permanently Permissive] |
linux:selinux [2011/10/10 14:18] (current) linko22@gmail.com [Re-Enabling SELinux] |
||
|---|---|---|---|
| Line 65: | Line 65: | ||
| Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling. | Fully disabling SELinux goes one step further than just switching into permissive mode. Disabling will completely disable all SELinux functions including file and process labelling. | ||
| - | In Fedora Core and RedHat Enterprise, edit / | + | In Fedora Core and RedHat Enterprise, edit **/ |
| + | <code bash> | ||
| # This file controls the state of SELinux on the system. | # This file controls the state of SELinux on the system. | ||
| # SELINUX= can take one of these three values: | # SELINUX= can take one of these three values: | ||
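Review bot: the `<code bash>` opened just before "# This file controls the state of SELinux on the system." labels a configuration file listing as bash. The lines inside are `KEY=value` settings and comments, not commands to run, so an untyped `<code>` or a `<file>` block would stop readers from treating the listing as something to paste into a shell.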
| Line 78: | Line 78: | ||
| # strict - Full SELinux protection. | # strict - Full SELinux protection. | ||
| SELINUXTYPE=targeted | SELINUXTYPE=targeted | ||
| + | </ | ||
| ... and then reboot the system. | ... and then reboot the system. | ||
| - | For the other Linuxes which don't have the / | + | For the other Linuxes which don't have the **/ |
| + | <code bash> | ||
| title SE-Linux Test System | title SE-Linux Test System | ||
| root (hd0,0) | root (hd0,0) | ||
| kernel / | kernel / | ||
| #initrd / | #initrd / | ||
| + | </ | ||
| You will have to reboot to disable SELinux, you just can't do it while the system is running. | You will have to reboot to disable SELinux, you just can't do it while the system is running. | ||
| ===== Re-Enabling SELinux ===== | ===== Re-Enabling SELinux ===== | ||
| If you've disabled SELinux as in the section above, and you want to enable it again then you've got a bit of work to do. The problem will be that files created or changed when SELinux was disabled won't have the correct file labels on them - if you just reboot in enforcing mode then a lot of stuff won't work properly. | If you've disabled SELinux as in the section above, and you want to enable it again then you've got a bit of work to do. The problem will be that files created or changed when SELinux was disabled won't have the correct file labels on them - if you just reboot in enforcing mode then a lot of stuff won't work properly. | ||
| - | What you need to do is to enable SELinux by editing / | + | What you need to do is to enable SELinux by editing |
| After booting into permissive mode, run | After booting into permissive mode, run | ||
| - | fixfiles relabel | + | <code bash>fixfiles relabel</ |
| Alternatively, | Alternatively, | ||
| - | touch / | + | <code bash>touch / |
| and reboot or put | and reboot or put | ||
| - | autorelabel | + | <code bash>autorelabel</ |
| on the boot command line - in both cases the file system gets a full relabel early in the boot process. Note that this can take quite some time for systems with a large number of files. | on the boot command line - in both cases the file system gets a full relabel early in the boot process. Note that this can take quite some time for systems with a large number of files. | ||
| After relabelling the filesystem, you can switch to enforcing mode (see above) and your system should be fully enforcing again. | After relabelling the filesystem, you can switch to enforcing mode (see above) and your system should be fully enforcing again. | ||
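Review bot: two of the `<code bash>` blocks added here wrap text that is not shell. The block starting "title SE-Linux Test System" is a boot loader menu entry, and `autorelabel` is described in the next line as something put "on the boot command line", so tagging it as bash invites readers to type it at a prompt. Use an untyped `<code>` for those two and keep `<code bash>` for `fixfiles relabel` and the `touch` command, which are the only lines in this hunk that are actually run in a shell.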