我正在使用SELinux。我使用chcon命令在目标安全性上下文中更改了TYPE。但是chcon无效。我想将我的类型从unconfined_t更改为httpd_t。
1。 httpd进程的原始类型
[centos~]$ ps -efZ | grep httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 27870 1 0 11:50 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 daemon 27874 27870 0 11:50 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 daemon 27875 27870 0 11:50 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 daemon 27876 27870 0 11:50 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 centos 27961 27132 0 11:50 pts/0 00:00:00 grep --color=auto httpd
2。 httpd的原始类型
[centos@bin]$ ls -lZ | grep httpd
-r-x--x--x. root root unconfined_u:object_r:usr_t:s0 httpd
[centos@bin]$ ls -lZ | grep apachectl
-r-x--x--x. centos centos unconfined_u:object_r:usr_t:s0 apachectl
3。使用chcon更改httpd的类型
[centos@bin]$ sudo ./apachectl stop
[centos@bin]$ sudo chcon -t httpd_exec_t httpd
4。 httpd的新类型
[centos@bin]$ ls -lZ | grep httpd
-rwxr-xr-x. root root unconfined_u:object_r:httpd_exec_t:s0 httpd
5。启动httpd并检查了httpd进程的新类型
[centos@bin]$ sudo ./apachectl start
[centos@bin]$ ps -efZ | grep httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 3390 1 0 14:26 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 daemon 3394 3390 0 14:26 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 daemon 3395 3390 0 14:26 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 daemon 3396 3390 0 14:26 ? 00:00:00 /usr/local/apache/bin/httpd -k start
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 centos 3486 1974 0 14:26 pts/0 00:00:00 grep --color=auto httpd
chcon无效。 TYPE仍为unconfined_t。我该怎么办?我不知道。