Linux SELinux security context modification

One, chcon command

1. Function

  • Manually modify the SELinux security context of a file

2. Command Format

  • chcon [-R] [-t type] [-u user] [-r role] file
  • chcon [-R] --reference=sample_file file

Parameters and options

  • -R: also change everything under the directory, including subdirectories
  • -t: followed by the type field of the security context. For example: httpd_sys_content_t
  • -u: followed by the user identity (not important). For example: system_u
  • -r: followed by the role (not important). For example: system_r
  • -v: if the change succeeds, list the result of the change
  • --reference: use a sample file as the model and apply its security context to the target file

3. Case presentation

  • Case 1: Change the SELinux type of a file to the SELinux type of the /etc/hosts file

Step 1: Create a file in the home directory, then move it to the /etc/cron.d directory. The test file has the SELinux type admin_home_t

Step 2: Change the SELinux type of the test file to the SELinux type of the /etc/hosts file

Step 3: View the result after the modification

  • Case 2: Use the --reference option to change the SELinux type of the test file to that of the /etc/shadow file

Step 1: Check the SELinux type of /etc/shadow

Step 2: Use the --reference option to make the change

Two, restorecon command

1. Function

  • Restore a file's SELinux type to the default SELinux type
  • The default SELinux type is tied to the semanage command: restorecon refers to the default SELinux types that semanage queries

2. Command Format

  • restorecon [-Rv] file/directory

Related parameters

  • -R: also modify subdirectories
  • -v: display the process on the screen

3. Case presentation

  • Case: Restore the test file from above to its default SELinux type

Step 1: View the SELinux type of the /etc/cron.d directory: system_cron_spool_t

Step 2: Use the -R option to restore the /etc/cron.d directory to its default SELinux type

You can see that the SELinux type of the test file in this directory has been changed to system_cron_spool_t

Three, semanage command

1. Function

  • Query / modify / add / delete the default SELinux type of files

2. Command Format

  • semanage [login/user/port/interface/fcontext/translation] -l
  • semanage fcontext -{a/d/m} [-frst] file_spec

Parameters and options

  • -l: query
  • fcontext: mainly used for security contexts (the common case)
  • -a: add; you can add a default security context type setting for a directory
  • -m: modify
  • -d: delete

3. Case presentation

  • Case 1: Check the default SELinux type of the cron directory under /etc. It is system_cron_spool_t, and all files in the directory have this type

  • Case 2: View the default SELinux type of the /etc directory. It is etc_t

  • Case 3: Verify that the SELinux type of a directory affects the type of the files and subdirectories in it

Step 1: Create a /srv/mycron directory, then copy the /etc/cron.d/test file into the /srv/mycron directory and look at the SELinux types. You can see that both are var_t

Step 2: View the SELinux type of the /srv directory. It is var_t, which is why the directory and file above have that type

  • Case 4: Continuing from the previous case, change the default SELinux type of the /srv/mycron directory to system_cron_spool_t. You can see that it has been modified

  • Case 5: Continuing, change all the files in the /srv/mycron/ directory to their default SELinux type, then view the result
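
The labelling drift behind the cases above (a file moved into /etc/cron.d keeps admin_home_t, and /srv/mycron needs a default rule before restorecon can apply it), as an added shell example that is not part of the original article. The sample listing and the helper names ctx_type, find_mislabeled and fcontext_spec are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): flag files whose SELinux
# type differs from the type expected for their directory.

# Print the type (third field) of a context such as user:role:type:level.
# The level can itself contain colons (s0:c0.c1023), so only field 3 is read.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "context path" lines (the layout of `ls -Z`) on stdin and print
# "path current_type" for every entry whose type is not $1.
find_mislabeled() {
    expected=$1
    while read -r ctx path; do
        [ -n "$path" ] || continue            # skip blank or malformed lines
        actual=$(ctx_type "$ctx")
        [ "$actual" = "$expected" ] || printf '%s %s\n' "$path" "$actual"
    done
}

# Build the file_spec regex for a directory and everything beneath it,
# the form passed to `semanage fcontext -a -t TYPE file_spec`.
fcontext_spec() {
    printf '%s(/.*)?\n' "${1%/}"
}

# Constructed sample: /etc/cron.d after a file was moved in from a home directory.
sample_listing() {
    cat <<'EOF'
system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/0hourly
unconfined_u:object_r:admin_home_t:s0 /etc/cron.d/test
EOF
}

sample_listing | find_mislabeled system_cron_spool_t

# On an SELinux host, the same check and the fix from Cases 4 and 5:
#   ls -Z /etc/cron.d/* | find_mislabeled system_cron_spool_t
#   restorecon -Rnv /etc/cron.d      # -n: dry run, only list what would change
#   semanage fcontext -a -t system_cron_spool_t "$(fcontext_spec /srv/mycron)"
#   restorecon -Rv /srv/mycron
```

A type set with chcon is overwritten the next time restorecon or a full relabel runs, which is why the default is recorded with semanage fcontext first.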


Origin blog.csdn.net/whatday/article/details/105024192