Red Hat Summitこのコンテンツは選択した言語では利用できません。
21.2.2. SELinux Configuration Files
The following sections describe SELinux configuration and policy files, and related file systems located in the
/etc/ directory.
21.2.2.1. The /etc/sysconfig/selinux Configuration File
リンクのコピーリンクがクリップボードにコピーされました!
There are two ways to configure SELinux under Red Hat Enterprise Linux: using the Security Level Configuration Tool (
system-config-securitylevel), or manually editing the configuration file (/etc/sysconfig/selinux).
The
/etc/sysconfig/selinux file is the primary configuration file for enabling or disabling SELinux, as well as setting which policy to enforce on the system and how to enforce it.
Note
The
/etc/sysconfig/selinux contains a symbolic link to the actual configuration file, /etc/selinux/config.
The following explains the full subset of options available for configuration:
SELINUX=<enforcing|permissive|disabled>— Defines the top-level state of SELinux on a system.enforcing— The SELinux security policy is enforced.permissive— The SELinux system prints warnings but does not enforce policy. This is useful for debugging and troubleshooting purposes. In permissive mode, more denials will be logged, as subjects will be able to continue with actions otherwise denied in enforcing mode. For example, traversing a directory tree will produce multipleavc: deniedmessages for every directory level read, where a kernel in enforcing mode would have stopped the initial traversal and kept further denial messages from occurring.disabled— SELinux is fully disabled. SELinux hooks are disengaged from the kernel and the pseudo-file system is unregistered.Note
Actions made while SELinux is disabled may cause the file system to no longer have the proper security context as defined by the policy. Runningfixfiles relabelprior to enabling SELinux will relabel the file system so that SELinux works properly when enabled. For more information, refer to thefixfiles(8) manpage.
Note
Additional white space at the end of a configuration line or as extra lines at the end of the file may cause unexpected behavior. To be safe, remove unnecessary white spaces.SELINUXTYPE=<targeted|strict>— Specifies which policy is currently being enforced by SELinux.targeted— Only targeted network daemons are protected.Important
The following daemons are protected in the default targeted policy:dhcpd,httpd (apache.te),named,nscd,ntpd,portmap,snmpd,squid, andsyslogd. The rest of the system runs in theunconfined_tdomain.The policy files for these daemons can be found in/etc/selinux/targeted/src/policy/domains/programand are subject to change, as newer versions of Red Hat Enterprise Linux are released.Policy enforcement for these daemons can be turned on or off, using Boolean values controlled by Security Level Configuration Tool (system-config-securitylevel). Switching a Boolean value for a targeted daemon disables the policy transition for the daemon, which prevents, for example,initfrom transitioningdhcpdfrom theunconfined_tdomain to the domain specified indhcpd.te. The domainunconfined_tallows subjects and objects with that security context to run under standard Linux security.strict— Full SELinux protection, for all daemons. Security contexts are defined for all subjects and objects, and every single action is processed by the policy enforcement server.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}