臨時(shí)關(guān)閉
[root@localhost ~]# setenforce 0

臨時(shí)開(kāi)啟
[root@localhost ~]# setenforce 1
Enforcing //開(kāi)啟狀態(tài)
Permissive //關(guān)閉狀態(tài)

永久關(guān)閉
[root@localhost ~]# vim /etc/selinux/config
將SELINUX的值設(shè)置為disabled

查看狀態(tài)
[root@localhost ~]# getenforce

查看所有設(shè)置項(xiàng)
[root@localhost ~]# getsebool -a

查找特定內(nèi)容,比如zabbix
[root@localhost ~]# getsebool -a|grep zabbix
httpd_can_connect_zabbix --> off
zabbix_can_network --> off

放開(kāi)防火墻限制
[root@localhost ~]# setsebool -P httpd_can_connect_zabbix on
[root@localhost ~]# setsebool -P zabbix_can_network on
[root@localhost ~]# setsebool -P httpd_can_network_connect on

再次查看
[root@localhost ~]# getsebool -a|grep zabbix
httpd_can_connect_zabbix --> on
zabbix_can_network --> on

查看/home/目錄selinux信息
[root@localhost ~]# ls -Zd /home/
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home/

改安全標(biāo)簽
[root@localhost ~]# chcon -u system_u -t httpd_sys_content_t /home/

如果不知道屬于哪個(gè)標(biāo)簽，查看selinux日志
[root@localhost ~]# tail -f /var/log/audit/audit.log

生成semodule
[root@localhost ~]# cat /var/log/audit/audit.log | grep zabbix_server | grep denied | audit2allow -M zabbix-server_setrlimit
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i zabbix-server_setrlimit.pp

導(dǎo)入semodule
[root@localhost ~]# semodule -i zabbix-server_setrlimit.pp
查看semodule
[root@localhost ~]# semodule -l