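It is best to do this on a clean system; this article assumes your system is in its freshly installed state.
Run uname to check the current kernel. If the output contains "linode" (3.15.4-x86_64-linode45), the kernel needs to be replaced.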
# uname -a
Linux localhost.localdomain 3.15.4-x86_64-linode45 #1 SMP Mon Jul 7 08:42:36 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
First, install your own kernel to take over from the one Linode provides.
# yum install kernel
Check the file names of the installed kernel and initramfs.
# ls -o /boot
< ...... >
initramfs-3.10.0-123.8.1.el7.x86_64.img
vmlinuz-3.10.0-123.8.1.el7.x86_64
< ...... >
Edit the GRUB boot configuration.
# nano /boot/grub/menu.lst
timeout 0
title CentOS
root (hd0)
kernel /boot/vmlinuz-3.10.0-123.8.1.el7.x86_64 root=/dev/xvda
initrd /boot/initramfs-3.10.0-123.8.1.el7.x86_64.img
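Then, in the Profile on the Linode panel, change Kernel from Latest 64 bit (the default) to pv-grub-x86_64.
Finally, run uname to confirm the kernel was replaced (the output no longer contains "linode"), then move on to the next stage.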
# uname -a
Linux localhost.localdomain 3.10.0-123.8.1.el7.x86_64 #1 SMP Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
At this point SELinux should be disabled.
# sestatus
SELinux status: disabled
Install the required packages.
# yum install policycoreutils policycoreutils-python selinux-policy \
> selinux-policy-targeted libselinux-utils setroubleshoot-server \
> setools setools-console mcstrans
Enable SELinux in permissive mode first, to prepare for fully turning it on (labeling files, updating system information, and so on).
# nano /etc/selinux/config
< ...... >
SELINUX=permissive
< ...... >
# reboot
After the reboot, sestatus shows that SELinux has taken effect. Then check the system log for errors.
# sestatus
SELinux status: enabled
< ...... >
Current mode: permissive
Mode from config file: permissive
< ...... >
# cat /var/log/messages | grep "SELinux"
localhost kernel: SELinux: Initializing.
localhost kernel: SELinux: Disabled at runtime.
localhost kernel: SELinux: Initializing.
localhost systemd[1]: Successfully loaded SELinux policy in 234.869ms.
Ignoring errors and going straight to enforcing mode may leave the system unable to boot.
Edit the SELinux configuration file again to enable it fully.
# nano /etc/selinux/config
< ...... >
SELINUX=enforcing
< ...... >
# reboot
After the reboot completes, check the SELinux status.
# sestatus
SELinux status: enabled
< ...... >
Current mode: enforcing
Mode from config file: enforcing
< ...... >
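The log check between the permissive reboot and the switch to enforcing can be scripted. The following is an added example, not part of the original article: the function name ready_for_enforcing, its file arguments and the sample log lines are constructed for illustration, and it assumes that any "avc: denied" or setroubleshoot "SELinux is preventing" line should block the switch.

```shell
#!/bin/sh
# Added example: gate the permissive -> enforcing switch on what the
# permissive boot actually logged. Inputs are files so the logic can be
# tried on saved output; the sample data below is constructed.

# ready_for_enforcing STATUS_FILE LOG_FILE
# Returns 0 only if SELinux is enabled in permissive mode, the policy
# was loaded, and the log holds no denial reports.
ready_for_enforcing() {
    status_file=$1; log_file=$2
    grep -Eq '^SELinux status:[[:space:]]+enabled' "$status_file" || {
        echo "SELinux is not enabled" >&2; return 1; }
    grep -Eq '^Current mode:[[:space:]]+permissive' "$status_file" || {
        echo "not running in permissive mode" >&2; return 1; }
    grep -q 'Successfully loaded SELinux policy' "$log_file" || {
        echo "no policy load message in log" >&2; return 1; }

    # Denials are only logged, not blocked, while permissive. Each one is
    # an access that enforcing mode would refuse.
    denials=$(grep -Ec 'avc:[[:space:]]+denied|SELinux is preventing' "$log_file" || true)
    if [ "$denials" -gt 0 ]; then
        echo "$denials denial(s) logged; resolve before enforcing" >&2
        return 1
    fi
    return 0
}

# Constructed sample data (not captured from a real host).
tmp=$(mktemp -d)
cat > "$tmp/sestatus.txt" <<'EOF'
SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          permissive
EOF
cat > "$tmp/clean.log" <<'EOF'
localhost kernel: SELinux: Initializing.
localhost systemd[1]: Successfully loaded SELinux policy in 234.869ms.
EOF
cat > "$tmp/denied.log" <<'EOF'
localhost systemd[1]: Successfully loaded SELinux policy in 234.869ms.
localhost kernel: type=1400 audit(1411400000.000:10): avc:  denied  { read } for pid=900 comm="exampled" name="example.conf" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
EOF

ready_for_enforcing "$tmp/sestatus.txt" "$tmp/clean.log" && echo "clean.log: safe to set SELINUX=enforcing"
ready_for_enforcing "$tmp/sestatus.txt" "$tmp/denied.log" || echo "denied.log: stay permissive"
```

On the host, save the output of sestatus to a file and pass it together with /var/log/messages. When auditd is running, denials are also recorded in /var/log/audit/audit.log, so check that file the same way.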