Anybody understand SELinux?
Achim Gratz
Stromeko at Nexgo.DE
Sat Dec 24 12:10:56 UTC 2016
Am 23.12.2016 um 20:59 schrieb Hal Murray:
> Thanks. That sounds right, but what do I type to make it happen?
I think the command to use is chcon, although if you want this change to
persist re-labeling of the filesystem (which is regularly done in
postinstall when SELinux is enabled), you also need to use the
appropriate semanage fcontext incvocation. That's another reason not to
install things around the package manager on SELinux managed systems.
> The whole
> area of files having a security context (I think that's the right term) is
> something I don't know anything about. Is there a HOWTO type document for
> things like this?
There's a number of primers and HowTos for SELinux, but it's
sufficiently complex that you should set up a throwaway system for
experiments before you let it loose. I'm not sure how different the SE
rule sets are for various distributions, the most widely used would
probably be RedHat/CentOS.
--
Achim.
(on the road :-)
More information about the devel
mailing list