search
HomeSystem TutorialLINUXIn-depth analysis of the usage of semanage command

In-depth analysis of the usage of semanage command

Jan 02, 2024 am 11:48 AM
linuxlinux tutorialRed Hatlinux systemlinux commandlinux certificationred hat linuxlinux video

Introduction The semanage command is used to query and modify the security context of the SELinux default directory. SELinux policy and rule management related commands: seinfo command, sesearch command, getsebool command, setsebool command, semanage command. Let us explain in detail how to use the chcon command.
grammar
semanage {login|user|port|interface|fcontext|translation} -l 
semanage fcontext -{a|d|m} [-frst] file_spec
Options
--l:查询。 
fcontext:主要用在安全上下文方面。 
-a:增加,你可以增加一些目录的默认安全上下文类型设置。 
-m:修改。 
-d:删除。
Example Check the default security settings of /var/www/html:
semanage fcontext -l 
SELinux fcontext type Context 
....(前面省略).... /var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 ....(後面省略)....

As shown in the above example, we can query the security article of each directory! The directory setting can use regular expressions to specify a range. So what if we want to increase the security of some custom directories? For example, when I want the color setting /srv/samba to become the type of public_content_t inline code, how should I set it?

Use the semanage command to set the default security of the /srv/samba directory. This article is public_content_t:
chcon -t public_content_rw_t /var/ftp/incoming
Allow users to HHTP access their home directories. This setting is limited to the user's home directory homepage:
mkdir /srv/samba 
ll -Zd /srv/samba 
drwxr-xr-x root root root:object_r:var_t /srv/samba
As shown above, the default situation should be var_tthis dong dong!
semanage fcontext -l | grep '/srv' 
/srv/.* all files system_u:object_r:var_t:s0 
/srv/([^/]*/)?ftp(/.*)? all files system_u:object_r:public_content_t:s0 
/srv/([^/]*/)?www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv/([^/]*/)?rsync(/.*)? all files system_u:object_r:public_content_t:s0 /srv/gallery2(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 
/srv directory system_u:object_r:var_t:s0 //看这里!
The above is the security information of this article under the default /srv, however, it is not specified to /srv/samba.
semanage fcontext -a -t public_content_t "/srv/samba(/.*)?" 
semanage fcontext -l | grep '/srv/samba' 
/srv/samba(/.*)? all files system_u:object_r:public_content_t:s0
cat /etc/selinux/targeted/contexts/files/file_contexts.local 
# This file is auto-generated by libsemanage # Please use the semanage command to make changes 
/srv/samba(/.*)? system_u:object_r:public_content_t:s0 #写入这个档案
restorecon -Rv /srv/samba* #尝试恢复默认值 ll -Zd /srv/samba drwxr-xr-x root root system_u:object_r:public_content_t /srv/samba/ #有默认值,以后用restorecon命令来修改比较简单!

The above is the detailed content of In-depth analysis of the usage of semanage command. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:Linux就该这么学. If there is any infringement, please contact admin@php.cn delete
How to Make a USB Drive Mount Automatically in LinuxHow to Make a USB Drive Mount Automatically in LinuxApr 30, 2025 am 10:04 AM

This guide explains how to automatically mount a USB drive on boot in Linux, saving you time and effort. Step 1: Identify Your USB Drive Use the lsblk command to list all block devices. Your USB drive will likely be labeled /dev/sdb1, /dev/sdc1, etc

Best Cross-Platform Apps for Linux, Windows, and Mac in 2025Best Cross-Platform Apps for Linux, Windows, and Mac in 2025Apr 30, 2025 am 09:57 AM

Cross-platform applications have revolutionized software development, enabling seamless functionality across operating systems like Linux, Windows, and macOS. This eliminates the need to switch apps based on your device, offering consistent experien

Best Linux Tools for AI and Machine Learning in 2025Best Linux Tools for AI and Machine Learning in 2025Apr 30, 2025 am 09:44 AM

Artificial Intelligence (AI) is rapidly transforming numerous sectors, from healthcare and finance to creative fields like art and music. Linux, with its open-source nature, adaptability, and performance capabilities, has emerged as a premier platfo

5 Best Lightweight Linux Distros Without a GUI5 Best Lightweight Linux Distros Without a GUIApr 30, 2025 am 09:38 AM

Looking for a fast, minimal, and efficient Linux distribution without a graphical user interface (GUI)? Lightweight, GUI-less Linux distros are perfect for older hardware or specialized tasks like servers and embedded systems. They consume fewer res

How to Install Wine 10.0 in RedHat DistributionsHow to Install Wine 10.0 in RedHat DistributionsApr 30, 2025 am 09:32 AM

Wine 10.0 stable version release: Running Windows applications on Linux to a higher level Wine, this open source and free application, allows Linux users to run Windows software and games on Unix/Linux operating systems, ushering in the release of the 10.0 stable version! This version has been provided with source code and binary package downloads, and supports various distributions such as Linux, Windows and Mac. This edition embodies a year of hard work and over 8,600 improvements, bringing many exciting improvements. Key highlights include: Enhanced support for Bluetooth devices. Improve support for HID input devices. Optimized performance of 32-bit and 64-bit applications.

How to Install and Configure SQL Server on RHELHow to Install and Configure SQL Server on RHELApr 30, 2025 am 09:27 AM

This tutorial guides you through installing SQL Server 2022 on RHEL 8.x or 9.x, connecting via the sqlcmd command-line tool, database creation, and basic querying. Prerequisites Before beginning, ensure: A supported RHEL version (RHEL 8 or 9). Sudo

How to Install Thunderbird 135 on a Linux DesktopHow to Install Thunderbird 135 on a Linux DesktopApr 30, 2025 am 09:26 AM

Mozilla Thunderbird 135: Powerful cross-platform mail client Mozilla Thunderbird is a free, open source, cross-platform email, calendar, news, chat and contact management client designed to efficiently handle multiple email accounts and news sources. On February 5, 2025, Mozilla released the Thunderbird 135 version, introducing a number of new features, performance improvements and security fixes. Thunderbird 135 main features: XZ Packaging for Linux Binaries: Smaller files, faster unpacking, and better integration with modern distributions. Cookie storage support: when creating space

How to Lock Files for Renaming or Deleting in LinuxHow to Lock Files for Renaming or Deleting in LinuxApr 30, 2025 am 09:11 AM

This guide demonstrates how to protect files on Linux from accidental renaming or deletion using simple commands. We'll use the file important.txt in /home/user/ as an example. Method 1: Using chattr for Immutability The chattr command modifies fil

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor