1. 查看SELinux状态

1.1 getenforce

getenforce 命令是单词get（获取）和enforce(执行)连写，可查看selinux状态，与setenforce命令相反。

setenforce 命令则是单词set（设置）和enforce(执行)连写，用于设置selinux防火墙状态，如： setenforce 0用于关闭selinux防火墙，但重启后失效

[root@localhost ~]# getenforce

Enforcing1.2 /usr/sbin/sestatus

Current mode表示当前selinux防火墙的安全策略

[root@localhost ~]# /usr/sbin/sestatus

SELinux status: enabledSELinuxfs mount: /sys/fs/selinuxSELinux root directory: /etc/selinuxLoaded policy name: targetedCurrent mode: enforcingMode from config file: enforcingPolicy MLS status: enabledPolicy deny_unknown status: allowedMax kernel policy version: 28SELinux status：selinux防火墙的状态，enabled表示启用selinux防火墙Current mode： selinux防火墙当前的安全策略，enforcing 表示强

2. 关闭SELinux

2.1 临时关闭

setenforce 0 ：用于关闭selinux防火墙，但重启后失效。

[root@localhost ~]# setenforce 0

[root@localhost ~]# /usr/sbin/sestatusSELinux status: enabledSELinuxfs mount: /sys/fs/selinuxSELinux root directory: /etc/selinuxLoaded policy name: targetedCurrent mode: permissiveMode from config file: enforcingPolicy MLS status: enabledPolicy deny_unknown status: allowedMax kernel policy version: 282.1 永久关闭

修改selinux的配置文件，重启后生效。

打开 selinux 配置文件

[root@localhost ~]# vim /etc/selinux/config

修改 selinux 配置文件

将SELINUX=enforcing改为SELINUX=disabled，保存后退出

This file controls the state of SELinux on the system.

SELINUX= can take one of these three values:

enforcing - SELinux security policy is enforced.

permissive - SELinux prints warnings instead of enforcing.

disabled - No SELinux policy is loaded.

SELINUX=enforcing

SELINUXTYPE= can take one of three two values:

targeted - Targeted processes are protected,

minimum - Modification of targeted policy. Only selected processes are protected.

mls - Multi Level Security protection.

SELINUXTYPE=targeted

此时获取当前selinux防火墙的安全策略仍为Enforcing，配置文件并未生效。

[root@localhost ~]# getenforce

Enforcing重启

[root@localhost ~]# reboot

验证

[root@localhost ~]# /usr/sbin/sestatus

SELinux status: disabled

[root@localhost ~]# getenforce

Disabled