#vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing       --->enforcing 有支援selinux
                        --->disabled   關閉 selinux
                        --->permissive 有支援selinux,但不阻擋,只有顯示訊息在log檔中/var/log/messages
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

修改此設定檔完後,要重新開機才會生效
#reboot

#sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
--------------------------------------------
＃顯示Current mode:enforcing   表示目前有支援selinux

#setenforce 0  
有支援selinux,但不阻擋。即為permissive
#setenforce 1
有支援selinux

#ll -dZ /var/www/html/ 
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
#ls -lZ /tmp/host
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 /tmp/host
可以看到不同的檔案被SELINUX 標示Security Content就不一樣 
/var/www/html/ ：httpd_sys_content_t
/tmp/host     ：user_tmp_t                                                         

若要設定/tmp/host與/var/www/html/一樣的Security Content
#chcon -t httpd_sys_content_t /tmp/host
#ls -lZ /tmp/host
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /tmp/host

除了selinux context 規則外，還有需多以細項規則 off及on來限制。
ex:Apache Web有一項個人用戶網站;以自己的家目錄當個人網站(http:www.xxxx.com/~ali/)，
但是SELINUX開啟時,就會把這項功能oFF掉,因此就要動用到SELINUX Boleans

取得家目錄selinux booleans

#getsebool -a|grep -i httpd|grep -i home
httpd_enable_homedirs --> off

設定selinux Booleans off為 on

#setsebool -P httpd_enable_homedirs=on

yum install policycoreutils-python