Anybody understand SELinux?

Achim Gratz Stromeko at Nexgo.DE
Sat Dec 24 12:10:56 UTC 2016


Am 23.12.2016 um 20:59 schrieb Hal Murray:
> Thanks.  That sounds right, but what do I type to make it happen?

I think the command to use is chcon, although if you want this change to 
persist re-labeling of the filesystem (which is regularly done in 
postinstall when SELinux is enabled), you also need to use the 
appropriate semanage fcontext incvocation.  That's another reason not to 
install things around the package manager on SELinux managed systems.

>  The whole
> area of files having a security context (I think that's the right term) is
> something I don't know anything about.  Is there a HOWTO type document for
> things like this?

There's a number of primers and HowTos for SELinux, but it's 
sufficiently complex that you should set up a throwaway system for 
experiments before you let it loose.  I'm not sure how different the SE 
rule sets are for various distributions, the most widely used would 
probably be RedHat/CentOS.


-- 
Achim.

(on the road :-)



More information about the devel mailing list