{"id":10089,"date":"2023-12-27T12:02:05","date_gmt":"2023-12-27T08:32:05","guid":{"rendered":"https:\/\/rasanegar.com\/blog\/%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8\/"},"modified":"2023-12-27T12:02:05","modified_gmt":"2023-12-27T08:32:05","slug":"%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8","status":"publish","type":"post","link":"https:\/\/rasanegaar.com\/blog\/%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8\/","title":{"rendered":"\u0631\u0648\u0634 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 SELinux \u062f\u0631 CentOS 8"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0633\u0631\u0641\u0635\u0644\u0647\u0627\u06cc \u0645\u0637\u0644\u0628<\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/rasanegaar.com\/blog\/%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8\/#%d9%be%db%8c%d8%b4_%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\" >\u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/rasanegaar.com\/blog\/%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8\/#%d8%a8%d8%b1%d8%b1%d8%b3%db%8c_%d8%ad%d8%a7%d9%84%d8%aa_selinux\" >\u0628\u0631\u0631\u0633\u06cc \u062d\u0627\u0644\u062a SELinux<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/rasanegaar.com\/blog\/%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8\/#%d8%aa%d8%ba%db%8c%db%8c%d8%b1_%d8%ad%d8%a7%d9%84%d8%aa_selinux_%d8%a8%d9%87_permissive\" >\u062a\u063a\u06cc\u06cc\u0631 \u062d\u0627\u0644\u062a SELinux \u0628\u0647 Permissive<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/rasanegaar.com\/blog\/%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8\/#%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84_%da%a9%d8%b1%d8%af%d9%86_selinux\" >\u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 SELinux<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/rasanegaar.com\/blog\/%d8%b1%d9%88%d8%b4-%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84-%da%a9%d8%b1%d8%af%d9%86-selinux-%d8%af%d8%b1-centos-8\/#%d9%86%d8%aa%db%8c%d8%ac%d9%87\" >\u0646\u062a\u06cc\u062c\u0647<\/a><\/li><\/ul><\/nav><\/div>\n<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">\u0632\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0645\u0637\u0627\u0644\u0639\u0647: <\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">\u062f\u0642\u06cc\u0642\u0647<\/span><\/span><p> <br \/>\n<br \/><\/p>\n<div class=\"markdown\">\n<p>\u0644\u06cc\u0646\u0648\u06a9\u0633 \u062a\u0642\u0648\u06cc\u062a \u0634\u062f\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u06cc\u0627 <a href=\"https:\/\/selinuxproject.org\/page\/Main_Page\" target=\"_blank\" rel=\"noopener\" class=\"broken_link\">SELinux<\/a><br \/>\n\u0645\u06a9\u0627\u0646\u06cc\u0632\u0645 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u062f\u0631 \u0647\u0633\u062a\u0647 \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 \u062a\u0648\u0632\u06cc\u0639 \u0647\u0627\u06cc \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 RHEL \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u0634\u0648\u062f.<\/p>\n<p>SELinux \u0628\u0627 \u0627\u062c\u0627\u0632\u0647 \u062f\u0627\u062f\u0646 \u0628\u0647 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0648 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0631\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0627\u0634\u06cc\u0627\u0621 \u0628\u0631 \u0627\u0633\u0627\u0633 \u0642\u0648\u0627\u0646\u06cc\u0646 \u062e\u0637 \u0645\u0634\u06cc\u060c \u06cc\u06a9 \u0644\u0627\u06cc\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0636\u0627\u0641\u06cc \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0627\u0636\u0627\u0641\u0647 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<p>\u0642\u0648\u0627\u0646\u06cc\u0646 \u062e\u0637 \u0645\u0634\u06cc SELinux \u0631\u0648\u0634 \u062a\u0639\u0627\u0645\u0644 \u067e\u0631\u062f\u0627\u0632\u0634 \u0647\u0627 \u0648 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0627 \u06cc\u06a9\u062f\u06cc\u06af\u0631 \u0648 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0631\u0648\u0634 \u062a\u0639\u0627\u0645\u0644 \u067e\u0631\u062f\u0627\u0632\u0634 \u0647\u0627 \u0648 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0627 \u0641\u0627\u06cc\u0644 \u0647\u0627 \u0631\u0627 \u0645\u0634\u062e\u0635 \u0645\u06cc \u06a9\u0646\u062f.  \u0648\u0642\u062a\u06cc \u0647\u06cc\u0686 \u0642\u0627\u0646\u0648\u0646\u06cc \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u0635\u0631\u06cc\u062d \u0627\u062c\u0627\u0632\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u06cc\u06a9 \u0634\u06cc \u0631\u0627 \u0628\u062f\u0647\u062f\u060c \u0645\u0627\u0646\u0646\u062f a process \u0628\u0627\u0632 \u06a9\u0631\u062f\u0646 \u06cc\u06a9 \u0641\u0627\u06cc\u0644\u060c \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a.<\/p>\n<p>SELinux \u062f\u0627\u0631\u0627\u06cc \u0633\u0647 \u062d\u0627\u0644\u062a \u06a9\u0627\u0631 \u0627\u0633\u062a:<\/p>\n<ul>\n<li>\u0627\u062c\u0631\u0627: SELinux \u0627\u062c\u0627\u0632\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0631 \u0627\u0633\u0627\u0633 \u0642\u0648\u0627\u0646\u06cc\u0646 \u062e\u0637 \u0645\u0634\u06cc SELinux \u0631\u0627 \u0645\u06cc \u062f\u0647\u062f.<\/li>\n<li>\u0645\u062c\u0627\u0632: SELinux \u0641\u0642\u0637 \u0627\u0642\u062f\u0627\u0645\u0627\u062a\u06cc \u0631\u0627 \u062b\u0628\u062a \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u062f\u0631 \u0635\u0648\u0631\u062a \u0627\u062c\u0631\u0627 \u062f\u0631 \u062d\u0627\u0644\u062a \u0627\u062c\u0631\u0627\u060c \u0631\u062f \u0645\u06cc \u0634\u062f\u0646\u062f.  \u0627\u06cc\u0646 \u062d\u0627\u0644\u062a \u0628\u0631\u0627\u06cc \u0627\u0634\u06a9\u0627\u0644 \u0632\u062f\u0627\u06cc\u06cc \u0648 \u0627\u06cc\u062c\u0627\u062f \u0642\u0648\u0627\u0646\u06cc\u0646 \u0633\u06cc\u0627\u0633\u062a \u062c\u062f\u06cc\u062f \u0645\u0641\u06cc\u062f \u0627\u0633\u062a.<\/li>\n<li>\u063a\u06cc\u0631\u0641\u0639\u0627\u0644: \u0647\u06cc\u0686 \u062e\u0637 \u0645\u0634\u06cc SELinux \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u0646\u0645\u06cc \u0634\u0648\u062f \u0648 \u0647\u06cc\u0686 \u067e\u06cc\u0627\u0645\u06cc \u062b\u0628\u062a \u0646\u0645\u06cc \u0634\u0648\u062f.<\/li>\n<\/ul>\n<p>\u0628\u0647 \u0637\u0648\u0631 \u067e\u06cc\u0634 \u0641\u0631\u0636\u060c \u062f\u0631 CentOS 8\u060c SELinux \u0641\u0639\u0627\u0644 \u0648 \u062f\u0631 \u062d\u0627\u0644\u062a \u0627\u0639\u0645\u0627\u0644 \u0627\u0633\u062a.  \u0628\u0647 \u0634\u062f\u062a \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f SELinux \u0631\u0627 \u062f\u0631 \u062d\u0627\u0644\u062a \u0627\u0639\u0645\u0627\u0644 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f.  \u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u06af\u0627\u0647\u06cc \u0627\u0648\u0642\u0627\u062a \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u062f\u0631 \u0639\u0645\u0644\u06a9\u0631\u062f \u0628\u0631\u062e\u06cc \u0627\u0632 \u0628\u0631\u0646\u0627\u0645\u0647 \u0647\u0627 \u0627\u062e\u062a\u0644\u0627\u0644 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u062f \u0648 \u0628\u0627\u06cc\u062f \u0622\u0646 \u0631\u0627 \u0631\u0648\u06cc \u062d\u0627\u0644\u062a \u0645\u062c\u0627\u0632 \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u06cc\u062f \u06cc\u0627 \u0622\u0646 \u0631\u0627 \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0646\u06cc\u062f.<\/p>\n<p>\u062f\u0631 \u0627\u06cc\u0646 \u0622\u0645\u0648\u0632\u0634\u060c \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 SELinux \u062f\u0631 CentOS 8 \u0631\u0627 \u062a\u0648\u0636\u06cc\u062d \u062e\u0648\u0627\u0647\u06cc\u0645 \u062f\u0627\u062f.<\/p>\n<h2 id=\"prerequisites\"><span class=\"ez-toc-section\" id=\"%d9%be%db%8c%d8%b4_%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\"><\/span>\u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627 <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0641\u0642\u0637 \u06a9\u0627\u0631\u0628\u0631 \u0631\u06cc\u0634\u0647 \u06cc\u0627 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a sudo \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u062d\u0627\u0644\u062a SELinux \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u062f.<\/p>\n<h2 id=\"checking-the-selinux-mode\"><span class=\"ez-toc-section\" id=\"%d8%a8%d8%b1%d8%b1%d8%b3%db%8c_%d8%ad%d8%a7%d9%84%d8%aa_selinux\"><\/span>\u0628\u0631\u0631\u0633\u06cc \u062d\u0627\u0644\u062a SELinux <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f <code>sestatus<\/code> \u062f\u0633\u062a\u0648\u0631 \u0628\u0631\u0627\u06cc \u0628\u0631\u0631\u0633\u06cc \u0648\u0636\u0639\u06cc\u062a \u0648 \u062d\u0627\u0644\u062a\u06cc \u06a9\u0647 SELinux \u062f\u0631 \u0622\u0646 \u0627\u062c\u0631\u0627 \u0645\u06cc \u0634\u0648\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sestatus<\/code><\/pre>\n<pre tabindex=\"0\"><code class=\"language-output\" data-lang=\"output\">SELinux status:                 enabled\nSELinuxfs mount:                \/sys\/fs\/selinux\nSELinux root directory:         \/etc\/selinux\nLoaded policy name:             targeted\nCurrent mode:                   enforcing\nMode from config file:          enforcing\nPolicy MLS status:              enabled\nPolicy deny_unknown status:     allowed\nMemory protection checking:     actual (secure)\nMax kernel policy version:      31<\/code><\/pre>\n<p>\u062e\u0631\u0648\u062c\u06cc \u0628\u0627\u0644\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 SELinux \u0641\u0639\u0627\u0644 \u0627\u0633\u062a \u0648 \u0631\u0648\u06cc \u062d\u0627\u0644\u062a Enforcing \u062a\u0646\u0638\u06cc\u0645 \u0634\u062f\u0647 \u0627\u0633\u062a.<\/p>\n<h2 id=\"changing-selinux-mode-to-permissive\"><span class=\"ez-toc-section\" id=\"%d8%aa%d8%ba%db%8c%db%8c%d8%b1_%d8%ad%d8%a7%d9%84%d8%aa_selinux_%d8%a8%d9%87_permissive\"><\/span>\u062a\u063a\u06cc\u06cc\u0631 \u062d\u0627\u0644\u062a SELinux \u0628\u0647 Permissive <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0648\u0642\u062a\u06cc SELinux \u0641\u0639\u0627\u0644 \u0628\u0627\u0634\u062f\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0631 \u062d\u0627\u0644\u062a \u0627\u062c\u0628\u0627\u0631\u06cc \u06cc\u0627 \u0645\u062c\u0627\u0632 \u0628\u0627\u0634\u062f.  \u0628\u0627 \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0647 \u0637\u0648\u0631 \u0645\u0648\u0642\u062a \u062d\u0627\u0644\u062a \u0631\u0627 \u0627\u0632 \u0647\u062f\u0641\u0645\u0646\u062f \u0628\u0647 \u0645\u062c\u0627\u0632 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo setenforce 0<\/code><\/pre>\n<p>\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0627\u06cc\u0646 \u062a\u063a\u06cc\u06cc\u0631 \u0641\u0642\u0637 \u0628\u0631\u0627\u06cc \u062c\u0644\u0633\u0647 \u0632\u0645\u0627\u0646 \u0627\u062c\u0631\u0627 \u0641\u0639\u0644\u06cc \u0645\u0639\u062a\u0628\u0631 \u0627\u0633\u062a \u0648 \u0628\u06cc\u0646 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u062c\u062f\u062f \u0628\u0627\u0642\u06cc \u0646\u0645\u06cc \u0645\u0627\u0646\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u062a\u0646\u0638\u06cc\u0645 \u062f\u0627\u0626\u0645\u06cc \u062d\u0627\u0644\u062a SELinux \u0631\u0648\u06cc \u0645\u062c\u0627\u0632\u060c \u0645\u0631\u0627\u062d\u0644 \u0632\u06cc\u0631 \u0631\u0627 \u062f\u0646\u0628\u0627\u0644 \u06a9\u0646\u06cc\u062f:<\/p>\n<ol>\n<li>\n<p>\u0628\u0627\u0632 \u06a9\u0646 <code>\/etc\/selinux\/config<\/code> \u0641\u0627\u06cc\u0644 \u0648 \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u06cc\u062f <code>SELINUX<\/code> \u0645\u062f \u0628\u0647 <code>permissive<\/code>:<\/p>\n<div class=\"code-label\">\/etc\/selinux\/config<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-ini\" data-lang=\"ini\"><span class=\"line\"><span class=\"cl\"><span class=\"c1\"># This file controls the state of SELinux on the system.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\"># SELINUX= can take one of these three values:<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     enforcing - SELinux security policy is enforced.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     permissive - SELinux prints warnings instead of enforcing.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     disabled - No SELinux policy is loaded.<\/span>\n<\/span><\/span><span class=\"line hl\"><span class=\"cl\"><span class=\"na\">SELINUX<\/span><span class=\"o\">=<\/span><span class=\"s\">permissive<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\"># SELINUXTYPE= can take one of these three values:<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     targeted - Targeted processes are protected,<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     minimum - Modification of targeted policy. Only selected processes are protected. <\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     mls - Multi Level Security protection.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"na\">SELINUXTYPE<\/span><span class=\"o\">=<\/span><span class=\"s\">targeted<\/span><\/span><\/span><\/code><\/pre>\n<\/div>\n<\/li>\n<li>\n<p>\u0641\u0627\u06cc\u0644 \u0631\u0627 \u0630\u062e\u06cc\u0631\u0647 \u06a9\u0631\u062f\u0647 \u0648 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f <code>setenforce 0<\/code> \u062f\u0633\u062a\u0648\u0631 \u062a\u063a\u06cc\u06cc\u0631 \u062d\u0627\u0644\u062a SELinux \u0628\u0631\u0627\u06cc \u062c\u0644\u0633\u0647 \u062c\u0627\u0631\u06cc:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo shutdown -r now<\/code><\/pre>\n<\/li>\n<\/ol>\n<h2 id=\"disabling-selinux\"><span class=\"ez-toc-section\" id=\"%d8%ba%db%8c%d8%b1%d9%81%d8%b9%d8%a7%d9%84_%da%a9%d8%b1%d8%af%d9%86_selinux\"><\/span>\u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 SELinux <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0628\u0647 \u062c\u0627\u06cc \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 SELinux\u060c \u0627\u06a9\u06cc\u062f\u0627\u064b \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u062d\u0627\u0644\u062a \u0631\u0627 \u0628\u0647 \u0645\u062c\u0627\u0632 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u062f.  SELinux \u0631\u0627 \u0641\u0642\u0637 \u0632\u0645\u0627\u0646\u06cc \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0639\u0645\u0644\u06a9\u0631\u062f \u0645\u0646\u0627\u0633\u0628 \u0628\u0631\u0646\u0627\u0645\u0647 \u0634\u0645\u0627 \u0644\u0627\u0632\u0645 \u0628\u0627\u0634\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 \u062f\u0627\u0626\u0645\u06cc SELinux \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645 CentOS 8 \u0645\u0631\u0627\u062d\u0644 \u0632\u06cc\u0631 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u062f:<\/p>\n<ol>\n<li>\n<p>\u0628\u0627\u0632 \u06a9\u0646 <code>\/etc\/selinux\/config<\/code> \u0641\u0627\u06cc\u0644 \u0648 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0647\u06cc\u062f <code>SELINUX<\/code> \u0627\u0631\u0632\u0634 \u0628\u0647 <code>disabled<\/code>:<\/p>\n<div class=\"code-label\">\/etc\/selinux\/config<\/div>\n<div class=\"highlight\">\n<pre tabindex=\"0\" class=\"chroma\"><code class=\"language-ini\" data-lang=\"ini\"><span class=\"line\"><span class=\"cl\"><span class=\"c1\"># This file controls the state of SELinux on the system.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\"># SELINUX= can take one of these three values:<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#       enforcing - SELinux security policy is enforced.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#       permissive - SELinux prints warnings instead of enforcing.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#       disabled - No SELinux policy is loaded.<\/span>\n<\/span><\/span><span class=\"line hl\"><span class=\"cl\"><span class=\"na\">SELINUX<\/span><span class=\"o\">=<\/span><span class=\"s\">disabled<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\"># SELINUXTYPE= can take one of these three values:<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     targeted - Targeted processes are protected,<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     minimum - Modification of targeted policy. Only selected processes are protected. <\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"c1\">#     mls - Multi Level Security protection.<\/span>\n<\/span><\/span><span class=\"line\"><span class=\"cl\"><span class=\"na\">SELINUXTYPE<\/span><span class=\"o\">=<\/span><span class=\"s\">targeted<\/span><\/span><\/span><\/code><\/pre>\n<\/div>\n<\/li>\n<li>\n<p>\u0641\u0627\u06cc\u0644 \u0631\u0627 \u0630\u062e\u06cc\u0631\u0647 \u06a9\u0646\u06cc\u062f \u0648 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0631\u06cc\u0633\u062a\u0627\u0631\u062a \u06a9\u0646\u06cc\u062f:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sudo shutdown -r now<\/code><\/pre>\n<\/li>\n<li>\n<p>\u0648\u0642\u062a\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0628\u0648\u062a \u0634\u062f\u060c \u0627\u0632 <code>sestatus<\/code> \u062f\u0633\u062a\u0648\u0631 \u0628\u0631\u0627\u06cc \u062a\u0623\u06cc\u06cc\u062f \u0627\u06cc\u0646\u06a9\u0647 SELinux \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u0634\u062f\u0647 \u0627\u0633\u062a:<\/p>\n<pre class=\"terminal\"><code class=\"terminal-line\" prefix=\"$\">sestatus<\/code><\/pre>\n<p>\u062e\u0631\u0648\u062c\u06cc \u0628\u0627\u06cc\u062f \u0628\u0647 \u0634\u06a9\u0644 \u0632\u06cc\u0631 \u0628\u0627\u0634\u062f:<\/p>\n<pre tabindex=\"0\"><code class=\"language-output\" data-lang=\"output\">SELinux status:                 disabled<\/code><\/pre>\n<\/li>\n<\/ol>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"%d9%86%d8%aa%db%8c%d8%ac%d9%87\"><\/span>\u0646\u062a\u06cc\u062c\u0647 <span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SELinux \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u06cc \u0628\u0631\u0627\u06cc \u0627\u06cc\u0645\u0646 \u0633\u0627\u0632\u06cc \u06cc\u06a9 \u0633\u06cc\u0633\u062a\u0645 \u0628\u0627 \u0627\u062c\u0631\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u062c\u0628\u0627\u0631\u06cc (MAC) \u0627\u0633\u062a.  SELinux \u0628\u0647 \u0637\u0648\u0631 \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc CentOS 8 \u0641\u0639\u0627\u0644 \u0627\u0633\u062a\u060c \u0627\u0645\u0627 \u0628\u0627 \u0648\u06cc\u0631\u0627\u06cc\u0634 \u0641\u0627\u06cc\u0644 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0648 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u062c\u062f\u062f \u0633\u06cc\u0633\u062a\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0622\u0646 \u0631\u0627 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f.<\/p>\n<p>\u0628\u0631\u0627\u06cc \u06a9\u0633\u0628 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0645\u0648\u0631\u062f \u0648\u06cc\u0698\u06af\u06cc \u0647\u0627\u06cc \u0642\u062f\u0631\u062a\u0645\u0646\u062f SELinux\u060c \u0628\u0647 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f <a href=\"https:\/\/wiki.centos.org\/HowTos\/SELinux\" target=\"_blank\" rel=\"noopener\">CentOS SELinux<\/a><br \/>\n\u0631\u0627\u0647\u0646\u0645\u0627.<\/p>\n<p>\u0627\u06af\u0631 \u0633\u0624\u0627\u0644 \u06cc\u0627 \u0628\u0627\u0632\u062e\u0648\u0631\u062f\u06cc \u062f\u0627\u0631\u06cc\u062f\u060c \u0644\u0637\u0641\u0627\u064b \u062f\u0631 \u0632\u06cc\u0631 \u0646\u0638\u0631 \u062f\u0647\u06cc\u062f.<\/p>\n<div class=\"flex flex-wrap my-8\">\u0633\u0646\u062a \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc<\/div>\n<\/div>\n\n<div>\u0628\u0631\u0627\u06cc \u0646\u06af\u0627\u0631\u0634 \u0628\u062e\u0634\u0647\u0627\u06cc\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0645\u062a\u0646 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0627\u0632 \u062a\u0631\u062c\u0645\u0647 \u0645\u0627\u0634\u06cc\u0646\u06cc \u06cc\u0627 \u0647\u0648\u0634 \u0645\u0635\u0646\u0648\u0639\u06cc GPT \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f <br \/>\n\u0644\u0637\u0641\u0627 \u062f\u0631 \u0635\u0648\u0631\u062a \u0648\u062c\u0648\u062f \u0645\u0634\u06a9\u0644 \u062f\u0631 \u0645\u062a\u0646 \u06cc\u0627 \u0645\u0641\u0647\u0648\u0645 \u0646\u0628\u0648\u062f\u0646 \u062a\u0648\u0636\u06cc\u062d\u0627\u062a\u060c \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062f\u06a9\u0645\u0647 \u06af\u0632\u0627\u0631\u0634 \u0646\u0648\u0634\u062a\u0627\u0631 \u06cc\u0627 \u062f\u0631\u062c \u0646\u0638\u0631 \u0631\u0648\u06cc \u0627\u06cc\u0646 \u0645\u0637\u0644\u0628 \u0645\u0627 \u0631\u0627 \u0627\u0632 \u062c\u0632\u06cc\u06cc\u0627\u062a \u0645\u0634\u06a9\u0644 \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u0645\u0637\u0644\u0639 \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0628\u0647 \u0622\u0646 \u0631\u0633\u06cc\u062f\u06af\u06cc \u06a9\u0646\u06cc\u0645\n<\/div>\n<p>\u0632\u0645\u0627\u0646 \u0627\u0646\u062a\u0634\u0627\u0631: 1402-12-27 12:02:02<br \/>\n<\/p>\n\n\n<div class=\"kk-star-ratings kksr-auto kksr-align-center kksr-valign-bottom\"\n    data-payload='{&quot;align&quot;:&quot;center&quot;,&quot;id&quot;:&quot;10089&quot;,&quot;slug&quot;:&quot;default&quot;,&quot;valign&quot;:&quot;bottom&quot;,&quot;ignore&quot;:&quot;&quot;,&quot;reference&quot;:&quot;auto&quot;,&quot;class&quot;:&quot;&quot;,&quot;count&quot;:&quot;0&quot;,&quot;legendonly&quot;:&quot;&quot;,&quot;readonly&quot;:&quot;&quot;,&quot;score&quot;:&quot;0&quot;,&quot;starsonly&quot;:&quot;&quot;,&quot;best&quot;:&quot;5&quot;,&quot;gap&quot;:&quot;5&quot;,&quot;greet&quot;:&quot;\u0627\u0645\u062a\u06cc\u0627\u0632 \u0634\u0645\u0627 \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0637\u0644\u0628&quot;,&quot;legend&quot;:&quot;0\\\/5 (0 \u0631\u0627\u06cc)&quot;,&quot;size&quot;:&quot;30&quot;,&quot;title&quot;:&quot;\u0631\u0648\u0634 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0631\u062f\u0646 SELinux \u062f\u0631 CentOS 8&quot;,&quot;width&quot;:&quot;0&quot;,&quot;_legend&quot;:&quot;{score}\\\/{best} ({count} \u0631\u0627\u06cc)&quot;,&quot;font_factor&quot;:&quot;1.25&quot;}'>\n            \n<div class=\"kksr-stars\">\n    \n<div class=\"kksr-stars-inactive\">\n            <div class=\"kksr-star\" data-star=\"1\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"2\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"3\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"4\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" data-star=\"5\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n    <\/div>\n    \n<div class=\"kksr-stars-active\" style=\"width: 0px;\">\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n            <div class=\"kksr-star\" style=\"padding-left: 5px\">\n            \n\n<div class=\"kksr-icon\" style=\"width: 30px; height: 30px;\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n                \n\n<div class=\"kksr-legend\" style=\"font-size: 24px;\">\n            <span class=\"kksr-muted\">\u0627\u0645\u062a\u06cc\u0627\u0632 \u0634\u0645\u0627 \u0628\u0647 \u0627\u06cc\u0646 \u0645\u0637\u0644\u0628<\/span>\n    <\/div>\n    <\/div>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">\u0632\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u0628\u0631\u0627\u06cc \u0645\u0637\u0627\u0644\u0639\u0647: <\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">\u062f\u0642\u06cc\u0642\u0647<\/span><\/span>\u0644\u06cc\u0646\u0648\u06a9\u0633 \u062a\u0642\u0648\u06cc\u062a \u0634\u062f\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u06cc\u0627 SELinux \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u062f\u0631 \u0647\u0633\u062a\u0647 \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0637 \u062a\u0648\u0632\u06cc\u0639 \u0647\u0627\u06cc \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 RHEL \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u0634\u0648\u062f. SELinux \u0628\u0627 \u0627\u062c\u0627\u0632\u0647 \u062f\u0627\u062f\u0646 \u0628\u0647 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0648 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0628\u0631\u0627\u06cc \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0627\u0634\u06cc\u0627\u0621 \u0628\u0631 \u0627\u0633\u0627\u0633 \u0642\u0648\u0627\u0646\u06cc\u0646 \u062e\u0637 \u0645\u0634\u06cc\u060c \u06cc\u06a9 \u0644\u0627\u06cc\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u0636\u0627\u0641\u06cc \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0627\u0636\u0627\u0641\u0647 \u0645\u06cc \u06a9\u0646\u062f. \u0642\u0648\u0627\u0646\u06cc\u0646 \u062e\u0637 \u0645\u0634\u06cc SELinux [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":10090,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[202,95,1686],"tags":[369,487,1220,2539,1870,1845],"class_list":["post-10089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-os","category-linux","category-ai","tag-linux","tag-487","tag-1220","tag-2539","tag--linux","tag-1845"],"acf":[],"_links":{"self":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/comments?post=10089"}],"version-history":[{"count":0,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/posts\/10089\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/media\/10090"}],"wp:attachment":[{"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/media?parent=10089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/categories?post=10089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rasanegaar.com\/blog\/wp-json\/wp\/v2\/tags?post=10089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}