In-depth analysis of the usage of semanage command
| Introduction | The semanage command is used to query and modify the security context of the SELinux default directory. SELinux policy and rule management related commands: seinfo command, sesearch command, getsebool command, setsebool command, semanage command. Let us explain in detail how to use the chcon command. |
semanage {login|user|port|interface|fcontext|translation} -l
semanage fcontext -{a|d|m} [-frst] file_spec--l:查询。 fcontext:主要用在安全上下文方面。 -a:增加,你可以增加一些目录的默认安全上下文类型设置。 -m:修改。 -d:删除。
semanage fcontext -l SELinux fcontext type Context ....(前面省略).... /var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 ....(後面省略)....
As shown in the above example, we can query the security article of each directory! The directory setting can use regular expressions to specify a range. So what if we want to increase the security of some custom directories? For example, when I want the color setting /srv/samba to become the type of public_content_t inline code, how should I set it?
Use the semanage command to set the default security of the /srv/samba directory. This article is public_content_t:chcon -t public_content_rw_t /var/ftp/incoming
mkdir /srv/samba ll -Zd /srv/samba drwxr-xr-x root root root:object_r:var_t /srv/samba
semanage fcontext -l | grep '/srv' /srv/.* all files system_u:object_r:var_t:s0 /srv/([^/]*/)?ftp(/.*)? all files system_u:object_r:public_content_t:s0 /srv/([^/]*/)?www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv/([^/]*/)?rsync(/.*)? all files system_u:object_r:public_content_t:s0 /srv/gallery2(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv directory system_u:object_r:var_t:s0 //看这里!
semanage fcontext -a -t public_content_t "/srv/samba(/.*)?" semanage fcontext -l | grep '/srv/samba' /srv/samba(/.*)? all files system_u:object_r:public_content_t:s0
cat /etc/selinux/targeted/contexts/files/file_contexts.local # This file is auto-generated by libsemanage # Please use the semanage command to make changes /srv/samba(/.*)? system_u:object_r:public_content_t:s0 #写入这个档案
restorecon -Rv /srv/samba* #尝试恢复默认值 ll -Zd /srv/samba drwxr-xr-x root root system_u:object_r:public_content_t /srv/samba/ #有默认值,以后用restorecon命令来修改比较简单!
The above is the detailed content of In-depth analysis of the usage of semanage command. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
deepseek web version entrance deepseek official website entrance
Feb 19, 2025 pm 04:54 PM
DeepSeek is a powerful intelligent search and analysis tool that provides two access methods: web version and official website. The web version is convenient and efficient, and can be used without installation; the official website provides comprehensive product information, download resources and support services. Whether individuals or corporate users, they can easily obtain and analyze massive data through DeepSeek to improve work efficiency, assist decision-making and promote innovation.
How to install deepseek
Feb 19, 2025 pm 05:48 PM
There are many ways to install DeepSeek, including: compile from source (for experienced developers) using precompiled packages (for Windows users) using Docker containers (for most convenient, no need to worry about compatibility) No matter which method you choose, Please read the official documents carefully and prepare them fully to avoid unnecessary trouble.
Ouyi okx installation package is directly included
Feb 21, 2025 pm 08:00 PM
Ouyi OKX, the world's leading digital asset exchange, has now launched an official installation package to provide a safe and convenient trading experience. The OKX installation package of Ouyi does not need to be accessed through a browser. It can directly install independent applications on the device, creating a stable and efficient trading platform for users. The installation process is simple and easy to understand. Users only need to download the latest version of the installation package and follow the prompts to complete the installation step by step.
BITGet official website installation (2025 beginner's guide)
Feb 21, 2025 pm 08:42 PM
BITGet is a cryptocurrency exchange that provides a variety of trading services including spot trading, contract trading and derivatives. Founded in 2018, the exchange is headquartered in Singapore and is committed to providing users with a safe and reliable trading platform. BITGet offers a variety of trading pairs, including BTC/USDT, ETH/USDT and XRP/USDT. Additionally, the exchange has a reputation for security and liquidity and offers a variety of features such as premium order types, leveraged trading and 24/7 customer support.
Get the gate.io installation package for free
Feb 21, 2025 pm 08:21 PM
Gate.io is a popular cryptocurrency exchange that users can use by downloading its installation package and installing it on their devices. The steps to obtain the installation package are as follows: Visit the official website of Gate.io, click "Download", select the corresponding operating system (Windows, Mac or Linux), and download the installation package to your computer. It is recommended to temporarily disable antivirus software or firewall during installation to ensure smooth installation. After completion, the user needs to create a Gate.io account to start using it.
Ouyi Exchange Download Official Portal
Feb 21, 2025 pm 07:51 PM
Ouyi, also known as OKX, is a world-leading cryptocurrency trading platform. The article provides a download portal for Ouyi's official installation package, which facilitates users to install Ouyi client on different devices. This installation package supports Windows, Mac, Android and iOS systems. Users can choose the corresponding version to download according to their device type. After the installation is completed, users can register or log in to the Ouyi account, start trading cryptocurrencies and enjoy other services provided by the platform.
Why does an error occur when installing an extension using PECL in a Docker environment? How to solve it?
Apr 01, 2025 pm 03:06 PM
Causes and solutions for errors when using PECL to install extensions in Docker environment When using Docker environment, we often encounter some headaches...
gate.io official website registration installation package link
Feb 21, 2025 pm 08:15 PM
Gate.io is a highly acclaimed cryptocurrency trading platform known for its extensive token selection, low transaction fees and a user-friendly interface. With its advanced security features and excellent customer service, Gate.io provides traders with a reliable and convenient cryptocurrency trading environment. If you want to join Gate.io, please click the link provided to download the official registration installation package to start your cryptocurrency trading journey.
