본문 바로가기

리눅스

[리눅스] CentOS SELinux를 비활성화하는 방법

728x90

CentOS SELinux를 비활성하는 방법(selinux disabled)

재시작하지 않고 selinux 비활성화하기

setenforce 0

sestatus
$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31
setenforce 0
$ sestatus    
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31
sestatus | grep "Current mode"
$ sestatus | grep "Current mode"
Current mode:                   permissive

selinux 비활성화하기

 - 시스템 부팅 후 적용

config 편집

vim /etc/selinux/config
$ vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

sed 명령어로 문자열 변경

sed -i 's/enforcing/disabled/g' /etc/selinux/config
$ sed -i 's/enforcing/disabled/g' /etc/selinux/config

재시작 후 selinux 확인

$ sestatus    
SELinux status:                 disabled
728x90