Difference between revisions of "SELinux"
(Created page with "= SELinux = == Available Commands == === Mode Management === <code>sestatus</code> show runtime status and boolean values (-b)</br> <code>getenforce</code> show current mode of operation</br> <code>setenforce</code> switch operating mode temporarily</br> === Context Management === <code>chcon</code> change file contexts (does not survive file system relabeling)</br> <code>restorecon</code> restore default file contexts, referencing /etc/selinux/targeted/contexts/fil...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= SELinux = | = SELinux = | ||
Example:</br> | |||
<code>semanage fcontext -a -s SEUSER -t TYPE '/tmp/d1(/.*)?'</code> | |||
<code>(/.*)?</code> include all subdirectories and files (semanage)</br> | |||
same as </br> | |||
<code>-R</code> with chcon | |||
== Available Commands == | == Available Commands == | ||
| Line 26: | Line 33: | ||
<code>setsebool</code> modify booleans temporarily or in policy database</br> | <code>setsebool</code> modify booleans temporarily or in policy database</br> | ||
<code>semanage boolean</code> modify boolean values in policy database</br> | <code>semanage boolean</code> modify boolean values in policy database</br> | ||
=== Port Management === | |||
<code>semanage port</code> manage network ports</br> | |||
=== Troubleshooting === | === Troubleshooting === | ||
<code>sealert</code> graphical troubleshooting tool | <code>sealert</code> graphical troubleshooting tool | ||
Latest revision as of 20:09, 14 May 2022
SELinux
Example:
semanage fcontext -a -s SEUSER -t TYPE '/tmp/d1(/.*)?'
(/.*)? include all subdirectories and files (semanage)
same as
-R with chcon
Available Commands
Mode Management
sestatus show runtime status and boolean values (-b)
getenforce show current mode of operation
setenforce switch operating mode temporarily
Context Management
chcon change file contexts (does not survive file system relabeling)
restorecon restore default file contexts, referencing /etc/selinux/targeted/contexts/files
semanage fcontext change file contexts (survives file system relabeling)
Policy Management
seinfo show info about policy components
semanage manage policy database
sesearch search rules in policy database
Boolean Management
getsebool display booleans and their settings
setsebool modify booleans temporarily or in policy database
semanage boolean modify boolean values in policy database
Port Management
semanage port manage network ports
Troubleshooting
sealert graphical troubleshooting tool