Here are some really good SELinux resources:
http://www.linuxsecurity.com/content/view/120567/49/
http://www.linuxsecurity.com/content/view/120622/49/
http://www.linuxsecurity.com/content/view/120700/49/
http://www.linuxsecurity.com/content/view/120837/169/
http://www.it-observer.com/articles.php?id=1013
Touch up a folder for Apache to access (change file context labels recursively; /path/to/folder is a placeholder for your content directory):
chcon -R -t httpd_sys_content_t /path/to/folder
Touch up a folder for Samba to access (change file context labels recursively):
chcon -R -t samba_share_t /backups
To reset the labels on all mounted filesystems:
restorecon -Rv /
If you need the filesystems to be relabeled on bootup, do this and then reboot:
touch /.autorelabel
To boot once with SELinux enforcement disabled, add the enforcing=0 flag to the kernel boot line.
To get the kernel's enforcement status:
getenforce
To change the kernel's enforcement status to "permissive" (aka log-only):
setenforce 0
To change the kernel's enforcement status to "Enforcing" (aka block access):
setenforce 1
(edit /etc/selinux/config to make the changes persistent across reboots)
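The persistence point above, as an added example that is not part of the original post: setenforce only changes the running kernel, so this check compares the runtime mode with the SELINUX= value that /etc/selinux/config applies at boot. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between the running SELinux mode and the
# mode /etc/selinux/config will apply at next boot. Function names are
# hypothetical; the sample config below is constructed.

# Print the SELINUX= value from a config file, lowercased (empty if absent).
# Comment lines and SELINUXTYPE= do not match; the last assignment wins.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# Print the runtime mode, lowercased: $1 if given, else getenforce output.
runtime_mode() {
    if [ -n "${1:-}" ]; then
        printf '%s\n' "$1" | tr 'A-Z' 'a-z'
    elif command -v getenforce >/dev/null 2>&1; then
        getenforce | tr 'A-Z' 'a-z'
    else
        echo unknown
    fi
}

# Usage: check_drift CONFIG_FILE [RUNTIME_MODE]
# Returns 0 if consistent, 1 on drift, 2 if either side is undetermined.
check_drift() {
    cfg=$(configured_mode "$1")
    run=$(runtime_mode "${2:-}")
    if [ -z "$cfg" ] || [ "$run" = unknown ]; then
        echo "undetermined: runtime=$run boot config=${cfg:-missing}"
        return 2
    fi
    if [ "$cfg" = "$run" ]; then
        echo "consistent: $run"
        return 0
    fi
    echo "drift: runtime=$run but boot config=$cfg"
    return 1
}

# Demo on a constructed config, with the runtime mode supplied by hand
# (as if someone ran "setenforce 0" and never switched it back).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'SELINUX=enforcing' \
    'SELINUXTYPE=targeted' > "$sample"
check_drift "$sample" Permissive || true
rm -f "$sample"
```

On a real host, call check_drift /etc/selinux/config with no second argument so the runtime mode comes from getenforce.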