SELinux: differenze tra le versioni
Jump to navigation
Jump to search
Nessun oggetto della modifica |
|||
Riga 5: | Riga 5: | ||
==Cambiare contesto a file e filesystem== |
==Cambiare contesto a file e filesystem== |
||
<code> |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
[root@vm-amq-tst02 opt]# |
[root@vm-amq-tst02 opt]# mount /mount/activemq |
||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
drwxrwxrwx. 2 root root system_u:object_r:nfs_t:s0 64 Nov 2 16:43 . |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
</code> |
|||
Versione delle 21:22, 13 nov 2022
Tutorial
https://debian-handbook.info/browse/it-IT/stable/sect.selinux.html
RHEL
Cambiare contesto a file e filesystem
[root@vm-amq-tst02 opt]# mount /mount/activemq [root@vm-amq-tst02 opt]# ls -lartZ /mount/activemq total 1 drwxrwxrwx. 2 root root system_u:object_r:nfs_t:s0 64 Nov 2 16:43 . drwxr-xr-x. 3 root root unconfined_u:object_r:default_t:s0 22 Nov 13 18:52 .. [root@vm-amq-tst02 opt]# [root@vm-amq-tst02 opt]# semanage fcontext -a -t usr_t /mount/activemq [root@vm-amq-tst02 opt]# [root@vm-amq-tst02 opt]# restorecon -p -r /mount/activemq [root@vm-amq-tst02 opt]# ls -lartZ /mount/activemq total 1 drwxrwxrwx. 2 root root system_u:object_r:nfs_t:s0 64 Nov 2 16:43 . drwxr-xr-x. 3 root root unconfined_u:object_r:default_t:s0 22 Nov 13 18:52 .. [root@vm-amq-tst02 opt]#
semanage fcontext --list
grep nginx /etc/selinux/targeted/contexts/files/file_contexts
ls -laZ /etc/nginx/html/
https://www.cloudinsidr.com/content/tip-of-the-day-how-to-find-the-correct-selinux-security-contexts-and-adjust-selinux-labels-on-your-linux-system/
https://www.systutorials.com/docs/linux/man/8-systemd_selinux/
Porcata:
Easy but bad solution, allow init_t to run in permissive mode. At least you don't have to run the whole system in permissive mode...
Enable: # semanage permissive -a init_t
Disable: # semanage permissive -d init_t
systemd
Systemd consente di modificare il contesto in cui gira un processo.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-systemd_access_control