art*_*urh 2 selinux centos centos7
我是 CentOS 的新手,并试图启用 SELinux,但在重新启动后无法正常工作,如https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part 所述-1-基本概念。
每次重新启动后我收到的唯一错误消息是:
master:~# cat /var/log/messages | grep "SELinux"
Jul 14 22:11:48 master kernel: SELinux: Disabled at boot.
据谷歌告诉我,这意味着我的配置文件有 SELINUX=0 / SELINUX=disabled。但我的配置文件应该是正确的:
master:~# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
我发现描述的 /etc/sysconfig/selinux 符号链接不存在很奇怪,所以它创建了它指向 /etc/selinux/config:
master:~# ls -l /etc/sysconfig/ | grep selinux
lrwxrwxrwx 1 root root 19 Jul 14 22:18 selinux -> /etc/selinux/config
系统详细信息:新安装的最小 CentOS 7 与当前更新:
master:~# uname -a
Linux master 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
我还安装了上述链接中描述的软件包:
yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
知道如何调试吗?除了更改配置文件和重新启动之外,我找不到任何其他方式来启用 SELinux,可能是什么问题?可能缺少内核模块吗?
编辑:
罪魁祸首:
master:~# cat /etc/sysconfig/grub
GRUB_TIMEOUT=5
GRUB_DEFAULT=""
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rootflags=uquota,gquota acpi=ht crashkernel=auto selinux=0 nodmraid rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
SELinux 在您的内核命令行上被禁用,因为有人插入selinux=0.
要解决此问题,请从 中删除它/etc/sysconfig/grub,重新生成您的 grub 配置,然后重新启动。
你也应该向制作这张图片的人抱怨,因为这是一个非常讨厌的把戏......
| 归档时间: |
|
| 查看次数: |
2418 次 |
| 最近记录: |