In-depth analysis of the usage of semanage command-LINUX-php.cn

Home

System Tutorial

LINUX

In-depth analysis of the usage of semanage command

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jan 02, 2024 am 11:48 AM

linuxlinux tutorialRed Hatlinux systemlinux commandlinux certificationred hat linuxlinux video

Introduction

The semanage command is used to query and modify the security context of the SELinux default directory. SELinux policy and rule management related commands: seinfo command, sesearch command, getsebool command, setsebool command, semanage command. Let us explain in detail how to use the chcon command.

grammar

semanage {login|user|port|interface|fcontext|translation} -l 
semanage fcontext -{a|d|m} [-frst] file_spec

Options

--l：查询。 
fcontext：主要用在安全上下文方面。 
-a：增加，你可以增加一些目录的默认安全上下文类型设置。 
-m：修改。 
-d：删除。

Example Check the default security settings of /var/www/html:

semanage fcontext -l 
SELinux fcontext type Context 
....(前面省略).... /var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 ....(後面省略)....

As shown in the above example, we can query the security article of each directory! The directory setting can use regular expressions to specify a range. So what if we want to increase the security of some custom directories? For example, when I want the color setting /srv/samba to become the type of public_content_t inline code, how should I set it?

Use the semanage command to set the default security of the /srv/samba directory. This article is public_content_t:

chcon -t public_content_rw_t /var/ftp/incoming

Allow users to HHTP access their home directories. This setting is limited to the user's home directory homepage:

mkdir /srv/samba 
ll -Zd /srv/samba 
drwxr-xr-x root root root:object_r:var_t /srv/samba

As shown above, the default situation should be var_tthis dong dong!

semanage fcontext -l | grep '/srv' 
/srv/.* all files system_u:object_r:var_t:s0 
/srv/([^/]*/)?ftp(/.*)? all files system_u:object_r:public_content_t:s0 
/srv/([^/]*/)?www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv/([^/]*/)?rsync(/.*)? all files system_u:object_r:public_content_t:s0 /srv/gallery2(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 
/srv directory system_u:object_r:var_t:s0 //看这里！

The above is the security information of this article under the default /srv, however, it is not specified to /srv/samba.

semanage fcontext -a -t public_content_t "/srv/samba(/.*)?" 
semanage fcontext -l | grep '/srv/samba' 
/srv/samba(/.*)? all files system_u:object_r:public_content_t:s0

cat /etc/selinux/targeted/contexts/files/file_contexts.local 
# This file is auto-generated by libsemanage # Please use the semanage command to make changes 
/srv/samba(/.*)? system_u:object_r:public_content_t:s0 #写入这个档案

restorecon -Rv /srv/samba* #尝试恢复默认值 ll -Zd /srv/samba drwxr-xr-x root root system_u:object_r:public_content_t /srv/samba/ #有默认值，以后用restorecon命令来修改比较简单！

The above is the detailed content of In-depth analysis of the usage of semanage command. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:Linux就该这么学. If there is any infringement, please contact admin@php.cn delete

How to Make a USB Drive Mount Automatically in LinuxApr 30, 2025 am 10:04 AM

This guide explains how to automatically mount a USB drive on boot in Linux, saving you time and effort. Step 1: Identify Your USB Drive Use the lsblk command to list all block devices. Your USB drive will likely be labeled /dev/sdb1, /dev/sdc1, etc

Best Cross-Platform Apps for Linux, Windows, and Mac in 2025Apr 30, 2025 am 09:57 AM

Cross-platform applications have revolutionized software development, enabling seamless functionality across operating systems like Linux, Windows, and macOS. This eliminates the need to switch apps based on your device, offering consistent experien

Best Linux Tools for AI and Machine Learning in 2025Apr 30, 2025 am 09:44 AM

Artificial Intelligence (AI) is rapidly transforming numerous sectors, from healthcare and finance to creative fields like art and music. Linux, with its open-source nature, adaptability, and performance capabilities, has emerged as a premier platfo

5 Best Lightweight Linux Distros Without a GUIApr 30, 2025 am 09:38 AM

Looking for a fast, minimal, and efficient Linux distribution without a graphical user interface (GUI)? Lightweight, GUI-less Linux distros are perfect for older hardware or specialized tasks like servers and embedded systems. They consume fewer res

How to Install Wine 10.0 in RedHat DistributionsApr 30, 2025 am 09:32 AM

Wine 10.0 stable version release: Running Windows applications on Linux to a higher level Wine, this open source and free application, allows Linux users to run Windows software and games on Unix/Linux operating systems, ushering in the release of the 10.0 stable version! This version has been provided with source code and binary package downloads, and supports various distributions such as Linux, Windows and Mac. This edition embodies a year of hard work and over 8,600 improvements, bringing many exciting improvements. Key highlights include: Enhanced support for Bluetooth devices. Improve support for HID input devices. Optimized performance of 32-bit and 64-bit applications.

How to Install and Configure SQL Server on RHELApr 30, 2025 am 09:27 AM

This tutorial guides you through installing SQL Server 2022 on RHEL 8.x or 9.x, connecting via the sqlcmd command-line tool, database creation, and basic querying. Prerequisites Before beginning, ensure: A supported RHEL version (RHEL 8 or 9). Sudo

How to Install Thunderbird 135 on a Linux DesktopApr 30, 2025 am 09:26 AM

Mozilla Thunderbird 135: Powerful cross-platform mail client Mozilla Thunderbird is a free, open source, cross-platform email, calendar, news, chat and contact management client designed to efficiently handle multiple email accounts and news sources. On February 5, 2025, Mozilla released the Thunderbird 135 version, introducing a number of new features, performance improvements and security fixes. Thunderbird 135 main features: XZ Packaging for Linux Binaries: Smaller files, faster unpacking, and better integration with modern distributions. Cookie storage support: when creating space

How to Lock Files for Renaming or Deleting in LinuxApr 30, 2025 am 09:11 AM

This guide demonstrates how to protect files on Linux from accidental renaming or deletion using simple commands. We'll use the file important.txt in /home/user/ as an example. Method 1: Using chattr for Immutability The chattr command modifies fil

See all articles