In-depth analysis of the usage of semanage command
Introduction | The semanage command is used to query and modify the security context of the SELinux default directory. SELinux policy and rule management related commands: seinfo command, sesearch command, getsebool command, setsebool command, semanage command. Let us explain in detail how to use the chcon command. |
semanage {login|user|port|interface|fcontext|translation} -l semanage fcontext -{a|d|m} [-frst] file_specOptions
--l:查询。 fcontext:主要用在安全上下文方面。 -a:增加,你可以增加一些目录的默认安全上下文类型设置。 -m:修改。 -d:删除。Example Check the default security settings of /var/www/html:
semanage fcontext -l SELinux fcontext type Context ....(前面省略).... /var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 ....(後面省略)....
As shown in the above example, we can query the security article of each directory! The directory setting can use regular expressions to specify a range. So what if we want to increase the security of some custom directories? For example, when I want the color setting /srv/samba to become the type of public_content_t inline code, how should I set it?
Use the semanage command to set the default security of the /srv/samba directory. This article is public_content_t:chcon -t public_content_rw_t /var/ftp/incomingAllow users to HHTP access their home directories. This setting is limited to the user's home directory homepage:
mkdir /srv/samba ll -Zd /srv/samba drwxr-xr-x root root root:object_r:var_t /srv/sambaAs shown above, the default situation should be var_tthis dong dong!
semanage fcontext -l | grep '/srv' /srv/.* all files system_u:object_r:var_t:s0 /srv/([^/]*/)?ftp(/.*)? all files system_u:object_r:public_content_t:s0 /srv/([^/]*/)?www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv/([^/]*/)?rsync(/.*)? all files system_u:object_r:public_content_t:s0 /srv/gallery2(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv directory system_u:object_r:var_t:s0 //看这里!The above is the security information of this article under the default /srv, however, it is not specified to /srv/samba.
semanage fcontext -a -t public_content_t "/srv/samba(/.*)?" semanage fcontext -l | grep '/srv/samba' /srv/samba(/.*)? all files system_u:object_r:public_content_t:s0
cat /etc/selinux/targeted/contexts/files/file_contexts.local # This file is auto-generated by libsemanage # Please use the semanage command to make changes /srv/samba(/.*)? system_u:object_r:public_content_t:s0 #写入这个档案
restorecon -Rv /srv/samba* #尝试恢复默认值 ll -Zd /srv/samba drwxr-xr-x root root system_u:object_r:public_content_t /srv/samba/ #有默认值,以后用restorecon命令来修改比较简单!
The above is the detailed content of In-depth analysis of the usage of semanage command. For more information, please follow other related articles on the PHP Chinese website!

This guide explains how to automatically mount a USB drive on boot in Linux, saving you time and effort. Step 1: Identify Your USB Drive Use the lsblk command to list all block devices. Your USB drive will likely be labeled /dev/sdb1, /dev/sdc1, etc

Cross-platform applications have revolutionized software development, enabling seamless functionality across operating systems like Linux, Windows, and macOS. This eliminates the need to switch apps based on your device, offering consistent experien

Artificial Intelligence (AI) is rapidly transforming numerous sectors, from healthcare and finance to creative fields like art and music. Linux, with its open-source nature, adaptability, and performance capabilities, has emerged as a premier platfo

Looking for a fast, minimal, and efficient Linux distribution without a graphical user interface (GUI)? Lightweight, GUI-less Linux distros are perfect for older hardware or specialized tasks like servers and embedded systems. They consume fewer res

Wine 10.0 stable version release: Running Windows applications on Linux to a higher level Wine, this open source and free application, allows Linux users to run Windows software and games on Unix/Linux operating systems, ushering in the release of the 10.0 stable version! This version has been provided with source code and binary package downloads, and supports various distributions such as Linux, Windows and Mac. This edition embodies a year of hard work and over 8,600 improvements, bringing many exciting improvements. Key highlights include: Enhanced support for Bluetooth devices. Improve support for HID input devices. Optimized performance of 32-bit and 64-bit applications.

This tutorial guides you through installing SQL Server 2022 on RHEL 8.x or 9.x, connecting via the sqlcmd command-line tool, database creation, and basic querying. Prerequisites Before beginning, ensure: A supported RHEL version (RHEL 8 or 9). Sudo

Mozilla Thunderbird 135: Powerful cross-platform mail client Mozilla Thunderbird is a free, open source, cross-platform email, calendar, news, chat and contact management client designed to efficiently handle multiple email accounts and news sources. On February 5, 2025, Mozilla released the Thunderbird 135 version, introducing a number of new features, performance improvements and security fixes. Thunderbird 135 main features: XZ Packaging for Linux Binaries: Smaller files, faster unpacking, and better integration with modern distributions. Cookie storage support: when creating space

This guide demonstrates how to protect files on Linux from accidental renaming or deletion using simple commands. We'll use the file important.txt in /home/user/ as an example. Method 1: Using chattr for Immutability The chattr command modifies fil


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function

SublimeText3 English version
Recommended: Win version, supports code prompts!

SublimeText3 Linux new version
SublimeText3 Linux latest version

Notepad++7.3.1
Easy-to-use and free code editor
