An SELinux context consists of a user, a role, a type and (on MLS/MCS policies) a sensitivity level, e.g. system_u:object_r:named_log_t:s0
Default file context rules (path regex to label) are stored in /etc/selinux/targeted/contexts/files/file_contexts; rules added with semanage fcontext go to file_contexts.local in the same directory
Assign the type named_log_t to the logs directory and everything below it (the pattern is a regex; this records the rule only, run restorecon to apply it)
$ semanage fcontext -a -t named_log_t '/var/named/chroot/logs(/.*)?'
Assign the dns_port_t context to TCP port 12345.
$ semanage port -a -t dns_port_t -p tcp 12345
Change the context of a file to match another file (not persistent: the next restorecon or relabel reverts it)
$ chcon --reference /var/www/html /var/www/html2
Set the files to their default context
$ restorecon -Rv /var/www/html
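The fcontext, chcon and restorecon commands above are the pieces of one procedure. The script below is an added example, not part of the original cheat sheet, that strings them together: it escapes the path before handing it to semanage (the pattern is a regular expression, so an unescaped dot in a path like /srv/www.example.com matches more than intended), records the rule, previews and applies the relabel, and checks policy against disk. It assumes root on an SELinux host with policycoreutils installed; the helper names fcontext_pattern and label_tree are this example's own.

```shell
#!/bin/sh
# Added example (not from the original cheat sheet): relabel a directory
# tree persistently and verify the result. Needs root on an SELinux host
# with policycoreutils (semanage, restorecon, matchpathcon) installed.
set -eu

# Build the semanage fcontext pattern for a directory tree. The pattern is
# a regular expression: metacharacters in the path (the dots in
# /srv/www.example.com, for instance) must be escaped or the rule can match
# paths you did not intend. Prints the pattern on stdout.
fcontext_pattern() {
    local dir escaped
    dir=${1%/}                                   # drop one trailing slash
    escaped=$(printf '%s' "$dir" | sed 's/[].^$*+?(){}|[]/\\&/g')
    printf '%s(/.*)?\n' "$escaped"
}

# Record the rule, apply it to the files that already exist, then verify.
label_tree() {
    local dir type pattern
    dir=$1; type=$2
    pattern=$(fcontext_pattern "$dir")
    # semanage only records the rule in file_contexts.local; nothing on
    # disk changes until restorecon runs. -a fails if the pattern already
    # exists; use -m to modify an existing rule instead.
    semanage fcontext -a -t "$type" "$pattern"
    # Preview (-n) what restorecon would change, then apply it for real.
    restorecon -Rnv "$dir"
    restorecon -Rv "$dir"
    # matchpathcon prints the context policy expects for the path;
    # ls -Zd prints what is actually on the directory. They should agree.
    matchpathcon "$dir"
    ls -Zd "$dir"
}

# Usage: ./label.sh /var/named/chroot/logs named_log_t
if [ $# -eq 2 ]; then
    label_tree "$1" "$2"
fi
```

If semanage reports that the rule already exists, modify it with -m rather than adding a duplicate; if matchpathcon and ls -Zd disagree after restorecon, a more specific rule elsewhere in file_contexts is winning and semanage fcontext -l will show which.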
List booleans on a system
$ getsebool -a
List boolean values with descriptions
$ semanage boolean -l
Change a boolean value ("-P" makes this persistent across reboots)
$ setsebool -P ftpd_anon_write on
Report SELinux violations by analyzing the audit log file
$ sealert -a /var/log/audit/audit.log
You can generate allow rules for the reported denials with audit2allow; the output from sealert
shows the exact commands to run. Review the denials first: a generated rule allows everything
in the log, including access that should have been refused.
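Before feeding an audit log to audit2allow it pays to see what is actually in it, collapsed to unique (source type, target type, class, permission) tuples, so that a denial against something like shadow_t is noticed rather than silently turned into an allow rule. The script below is an added example, not part of the original cheat sheet: an awk-based summariser over AVC records. The audit records in SAMPLE are constructed for this example, and the list of sensitive target types is an assumption to extend for your own policy.

```shell
#!/bin/sh
# Added example (not part of the original cheat sheet): a minimal AVC
# denial summariser for triaging audit.log before running audit2allow.
# The audit records in SAMPLE are constructed for this example.
set -eu

# Target types for which an allow rule should never be generated blindly.
# This list is an assumption for the example; extend it for your policy.
SENSITIVE_TYPES='^(shadow_t|security_t|selinux_config_t)$'

# Read audit records on stdin, collapse duplicate denials, and print
# "<count> <source type> <target type> <class> {<perms>}" lines, most
# frequent first. Denials against a sensitive target type get a REVIEW tag.
# Non-AVC records (SYSCALL, PATH, ...) are ignored.
summarize_avc() {
    awk -v sensitive="$SENSITIVE_TYPES" '
    /^type=AVC / && /avc: +denied/ {
        perms = $0
        sub(/.*denied +\{ */, "", perms)    # keep text after "denied  {"
        sub(/ *\}.*/, "", perms)            # and before the closing "}"
        src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split(substr($i, 10), a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), b, ":"); tgt = b[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        key = src " " tgt " " cls " {" perms "}"
        if (tgt ~ sensitive) key = key " REVIEW"
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample: named writing a log file labelled var_log_t instead of
# named_log_t, named binding an unlabelled port, and httpd reading /etc/shadow.
SAMPLE='type=AVC msg=audit(1700000000.123:456): avc:  denied  { write } for  pid=1234 comm="named" name="named.log" dev="dm-0" ino=789 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.124:457): avc:  denied  { write } for  pid=1234 comm="named" name="named.log" dev="dm-0" ino=789 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.500:458): avc:  denied  { name_bind } for  pid=1234 comm="named" src=12345 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000002.000:459): avc:  denied  { read } for  pid=2222 comm="httpd" name="shadow" dev="dm-0" ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000002.000:459): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0'

# Run on the constructed sample; on a real host use:
#   summarize_avc < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE" | summarize_avc
```

The first two summary lines point at labelling and port problems that the fcontext and port commands earlier on this page fix without any new policy; the REVIEW line is one you would never want audit2allow to turn into an allow rule.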
List system user to SELinux mappings
$ semanage login -l
Change the default user mapping (the __default__ entry, used for logins with no explicit mapping) to user_u instead of unconfined_u
$ semanage login -m -S targeted -s "user_u" -r s0 __default__
Map the user ollie to the SELinux user staff_u
$ semanage login -a -s staff_u ollie
Of the confined SELinux roles, only sysadm_r and staff_r are allowed to use sudo; user_r is not (unconfined_r is not restricted)
THIS INFORMATION IS PROVIDED UNDER A GPLV2 LICENSE
THE GPLV2 LICENSE CAN BE VIEWED HERE