SELinux

From 6bit.ch wiki
Revision as of 17:38, 14 May 2022 by Xbl (talk | contribs) (→‎SELinux)

Example:
semanage fcontext -a -s SEUSER -t TYPE '/tmp/d1(/.*)?'

The (/.*)? suffix makes the semanage rule include all subdirectories and files. It has the same effect as -R with chcon.
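The coverage of the (/.*)? suffix can be checked without touching policy. The following is an added example, not part of the original wiki page: it approximates SELinux's matching (file-context regexes are anchored at both ends) with grep -E, and the helper names fc_matches and fc_covered and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: emulates how SELinux anchors a file-context regex (^regex$)
# so the effect of the (/.*)? suffix can be checked without changing policy.
# fc_matches and fc_covered are hypothetical helper names, not SELinux tools.

# fc_matches REGEX PATH -> exit status 0 if the whole PATH matches REGEX
fc_matches() {
    printf '%s\n' "$2" | grep -Eq "^$1\$"
}

# fc_covered REGEX PATH... -> prints the paths the rule would label
fc_covered() {
    regex=$1; shift
    for p in "$@"; do
        if fc_matches "$regex" "$p"; then printf '%s\n' "$p"; fi
    done
}

# Constructed sample paths: the directory, its contents, and a sibling
SAMPLE_PATHS="/tmp/d1 /tmp/d1/file /tmp/d1/sub/file /tmp/d10/file"

# Print one line per pattern listing the sample paths it covers
# (word splitting of SAMPLE_PATHS is intended)
show() {
    printf '%s -> %s\n' "$1" "$(fc_covered "$1" $SAMPLE_PATHS | tr '\n' ' ')"
}

show '/tmp/d1(/.*)?'   # the directory itself and everything below it
show '/tmp/d1/.*'      # contents only, the directory keeps its old label
show '/tmp/d1.*'       # too broad: also matches the sibling /tmp/d10
```

semanage fcontext only records the rule in the policy database; run restorecon on the directory afterwards to apply the label to files that already exist.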

Available Commands

Mode Management

sestatus: show runtime status and, with -b, boolean values
getenforce: show current mode of operation
setenforce: switch operating mode temporarily

Context Management

chcon: change file contexts (does not survive file system relabeling)
restorecon: restore default file contexts, referencing /etc/selinux/targeted/contexts/files
semanage fcontext: change file contexts (survives file system relabeling)

Policy Management

seinfo: show info about policy components
semanage: manage policy database
sesearch: search rules in policy database

Boolean Management

getsebool: display booleans and their settings
setsebool: modify booleans temporarily or in policy database
semanage boolean: modify boolean values in policy database

Port Management

semanage port: manage network ports

Troubleshooting

sealert: graphical troubleshooting tool