setenforce 0
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
/etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
enforcing : SELinux¸¦ ¿ÏÀüÈ÷ È°¼ºÈÇϽ÷Á¸é enforcing ¿É¼ÇÀ» ¼±ÅÃ
enforcing ¿É¼ÇÀ» ¼±ÅÃÇϸé Ãß°¡ ½Ã½ºÅÛ º¸¾ÈÀ» À§ÇØ ¸ðµç º¸¾È Á¤Ã¥ (¿¹, Çã°¡°¡ ¾ø´Â »ç¿ëÀÚ°¡ ƯÁ¤ÇÑ ÆÄÀÏÀ̳ª ÇÁ·Î±×·¥¿¡ Á¢±ÙÇÏ´Â °ÍÀ» °ÅºÎÇϱâ)À» »ç¿ëÇÑ´Ù. SELinux°¡ ¿ÏÀüÈ÷ ½ÇÇàµÇ¾îµµ ¾Æ¹«·± ÁöÀåÀ» ¹ÞÁö¾Ê°í ÀϹÝÀûÀÎ ½Ã½ºÅÛ ÀÛ¾÷À» ¼öÇàÇÒ ¼ö ÀÖ´Ù°í ÀÚ½ÅÇϽðæ¿ì ÀÌ ¿É¼ÇÀ» ¼±ÅÃÇÑ´Ù.
permissive : ÀÌ°ÍÀ» ¼±ÅÃÇÏ¸é ¼ºñ½º °ÅºÎ ¸Þ½ÃÁö¸¦ Å뺸¹ÞÀ» ¼ö ÀÖ´Ù. permissive »óÅ·Π¼³Á¤Çϸé ÀÚ·á¿Í ÇÁ·Î±×·¥¿¡ À̸§À» ÇÒ´çÇÑ ÈÄ ·Î±×¸¦ ±â·ÏÇÏÁö¸¸ º¸¾È Á¤Ã¥À» »ç¿ëÇÏÁö´Â ¾Ê´Â´Ù. permissive »óÅ´ SELinux¸¦ óÀ½ Á¢ÇÏ´Â °æ¿ì óÀ½ºÎÅÍ ÀÌ ±â´ÉÀ» ¿ÏÀüÈ÷ È°¼ºÈÇÏÁö ¾Ê°í ¿ì¼± ÀÌ Á¤Ã¥À» »ç¿ëÇؼ ÀÏ¹Ý ½Ã½ºÅÛ ÀÛ¾÷ ½Ã ¾î¶°ÇÑ ¿µÇâÀ» ¹ÌÄ¡´ÂÁö ¾Ë¾Æº¸·Á´Â °æ¿ì ÁÁÀº ½ÃÀÛÁ¡ÀÌ µÉ ¼ö ÀÖ´Ù. ±×·¯³ª °æ°í ¿É¼ÇÀ» ¼±Åà ½Ã °¡²û¾¿ º¸¾È°æ°í ´ë»óÀÌ ¾Æ´Ñ °ÍÀ» °æ°í ´ë»óÀ¸·Î ŽÁöÇÏ´Â ¿À·ù(false positive)³ª °æ°í ´ë»óÀÎ °ÍÀ» ŽÁöÇÏÁö ¾Ê´Â ¿À·ù(false negative)°¡ ¹ß»ýÇÒ °¡´É¼ºµµ ÀÖÀ¸´Ï ÁÖÀÇ°¡ ÇÊ¿äÇÏ´Ù.
disabled : SELinux º¸¾È Á¦¾î¸¦ »ç¿ëÇÏÁö ¾ÊÀ¸·Á¸é disalbed ¿É¼ÇÀ» ¼±ÅÃÇÑ´Ù. disalbed ¼³Á¤Àº º¸¾È Á¦¾î ±â´ÉÀ» ²ô°í ½Ã½ºÅÛÀÌ º¸¾È Á¤Ã¥À» »ç¿ëÇÏÁö ¾Êµµ·Ï ¼³Á¤ÇÑ´Ù.