我是CentOS的新手,尝试启用SELinux,重启后不工作,详见https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part -1-基本概念 。
我每次重新启动后唯一的错误消息是:
master:~# cat /var/log/messages | grep "SELinux" Jul 14 22:11:48 master kernel: SELinux: Disabled at boot. 据谷歌可以告诉我这意味着我的configuration文件已SELINUX = 0 / SELINUX =禁用。 但我的configuration文件应该是正确的:
master:~# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
我发现奇怪的是,描述的/ etc / sysconfig / selinux符号链接不存在,所以创build它指向/ etc / selinux / config:
master:~# ls -l /etc/sysconfig/ | grep selinux lrwxrwxrwx 1 root root 19 Jul 14 22:18 selinux -> /etc/selinux/config
系统详细信息:新安装的最小CentOS 7与当前更新:
master:~# uname -a Linux master 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
我还安装了上述链接中描述的软件包:
yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
任何想法如何debugging呢? 除了更改configuration文件并重新启动之外,我找不到其他方法来启用SELinux,可能会出现什么问题? 内核模块可能会丢失?
编辑:
罪魁祸首:
master:~# cat /etc/sysconfig/grub GRUB_TIMEOUT=5 GRUB_DEFAULT="" GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="rootflags=uquota,gquota acpi=ht crashkernel=auto selinux=0 nodmraid rhgb quiet" GRUB_DISABLE_RECOVERY="true"
SELinux在你的内核命令行被禁用,被插入selinux=0人所禁用。
要解决这个问题,从/etc/sysconfig/grub删除这个, 重新生成你的grubconfiguration ,然后重启。
你也应该抱怨谁制作这个形象,因为这是一个非常讨厌的伎俩玩…