https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/using_selinux/index
/sys/fs/selinux/Disabled
/etc/selinux/config
This file controls the state of SELinux on the system.
#SELINUX= can take one of these three values:
#enforcing - SELinux security policy is enforced.
#permissive - SELinux prints warnings instead of enforcing.
#disabled - No SELinux policy is loaded. With this setting, the /sys/fs/selinux/ directory does not exist; the directory only appears when enforcing.
SELINUX=disabled
#SELINUXTYPE= can take one of these three values:
#targeted - Targeted processes are protected,
#minimum - Modification of targeted policy. only selected processes are protected.
#mls - Multi Level Security protection.
SELINUXTYPE=targeted
The /etc/selinux/config configuration file also controls what policy is active on the system. SELinux allows for multiple policies to be installed on the system, but only one policy may be active at any given time. At present, multiple kinds of SELinux policy exist: targeted and mls, for example. The targeted policy is designed as a policy where most user processes operate without restrictions, and only specific services are placed into distinct security domains that are confined by the policy. For example, the user would run in a completely unconfined domain while the named daemon or apache daemon would run in a specific domain tailored to its operation. The MLS (Multi-Level Security) policy is designed as a policy where all processes are partitioned into fine-grained security domains and confined by policy. MLS also supports the Bell-LaPadula model, where processes are not only confined by the type but also the level of the data.
getenforce
setenforce
semanage permissive -a httpd_t
sestatus
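The mode configured in /etc/selinux/config and the mode the kernel is actually running (what getenforce reports and setenforce changes) can differ, and a short script can compare them. This is an added example, not taken from the Red Hat documentation: the function names and the sample files are constructed, and the paths are passed as parameters so it runs offline.

```shell
#!/bin/sh
# Added example: function names and sample files below are constructed.

# Effective value of KEY (SELINUX or SELINUXTYPE) in a config file.
# Commented lines do not match; the last assignment wins.
selinux_cfg_get() {
    key=$1; file=$2
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p" "$file" |
        tail -n 1
}

# Running mode read from a selinuxfs mount point (normally /sys/fs/selinux).
# No readable "enforce" file: SELinux is not active. 1 = enforcing, 0 = permissive.
selinux_runtime_mode() {
    fs=$1
    [ -r "$fs/enforce" ] || { echo disabled; return 0; }
    case $(cat "$fs/enforce") in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Print both modes and the policy type; return 0 only when config and runtime agree.
selinux_audit() {
    cfg=$1; fs=$2
    want=$(selinux_cfg_get SELINUX "$cfg")
    pol=$(selinux_cfg_get SELINUXTYPE "$cfg")
    have=$(selinux_runtime_mode "$fs")
    echo "configured=${want:-unset} running=$have policy=${pol:-unset}"
    [ "$want" = "$have" ]
}

# Constructed sample: config says enforcing, runtime was switched with setenforce 0.
demo=$(mktemp -d)
printf '%s\n' '#SELINUX= can take one of these three values:' \
    'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$demo/config"
mkdir "$demo/fs"
printf 0 > "$demo/fs/enforce"
selinux_audit "$demo/config" "$demo/fs" || echo "drift: running mode differs from config"
rm -rf "$demo"
```

On a real host, call `selinux_audit /etc/selinux/config /sys/fs/selinux`.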
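And they all report permission problems; SELinux may well be the culprit.
For many files and directories, the last character of the permission flags is a dot. This dot means the file is protected by SELinux.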



