Linux command
semanage-permissive 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
List
sudo semanage permissive -l
Set
sudo semanage permissive -a [httpd_t]
Unset
sudo semanage permissive -d [httpd_t]
说明
semanage permissive manages per-domain permissive mode in SELinux. When a domain is set to permissive, SELinux logs policy violations but does not enforce them for processes in that domain. This provides more granular control than global permissive mode (setenforce 0), allowing specific services to be unconfined while the rest of the system remains in enforcing mode.
参数
- -l, --list
- List all domains in permissive mode
- -a, --add
- Add a domain to permissive mode
- -d, --delete
- Remove a domain from permissive mode
FAQ
What is the semanage-permissive command used for?
semanage permissive manages per-domain permissive mode in SELinux. When a domain is set to permissive, SELinux logs policy violations but does not enforce them for processes in that domain. This provides more granular control than global permissive mode (setenforce 0), allowing specific services to be unconfined while the rest of the system remains in enforcing mode.
How do I run a basic semanage-permissive example?
Run `sudo semanage permissive -l` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -l, --list do in semanage-permissive?
List all domains in permissive mode