selinux 常用命令
查看是否有被selinux阻挡
sudo cat /var/log/audit/audit.log | grep denied
boolean
查看boolean状态
sudo sestatus -b
sudo sestatus -b | grep -i sendmail
设置boolean
sudo setsebool -P $boolean名 $1或0
常用boolean
| boolean名 | 意义 |
|---|---|
| httpd_can_network_connect | 允许httpd反向代理 |
| httpd_can_sendmail | 允许httpd发送邮件 |
semanager
安装semanager
sudo yum install -y policycoreutils-python
Centos 8
sudo yum install -y policycoreutils-python-utils
获取系统中的可用label
sudo semanage fcontext -l |grep {SOMETHING}
给文件设置label
sudo semanage fcontext -a -t httpd_sys_content_t /path/to/file
restorecon -v /path/to/file
给文件夹设置label
sudo semanage fcontext -a -t httpd_sys_content_t "/path/to/dir(/.*)?"
restorecon -R -v /path/to/dir