Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to use the restorecon command". In the daily operation, I believe many people have doubts about how to use the restorecon command. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about how to use the restorecon command. Next, please follow the editor to study!

Syntax restorecon [- iFnrRv] [- e excludedir] [- o filename] [- f filename | pathname...] Option-I: ignore files that do not exist. -f:infilename file infilename records the files to be processed. -e:directory excludes directories. -Rhand Murr: recursively processes directories. -n: do not change the file label. -o/outfilename: save the file list to outfilename, if the file is incorrect. -v: displays the process on the screen. -F: force file security context to be restored. Example

Suppose CentOS installs apache, and the default home directory of the web page is / var/www/html. We often encounter this problem. We create a web page file in another directory, and then use mv to move it to the default web page directory / var/www/html, but the file cannot be opened in the browser. This is probably because the SELinux configuration information of this file inherits the original directory, which is different from the / var/www/html directory. When using mv Mobile, this SELinux configuration information is also moved, so that the page cannot be opened. For more information, please see the following example:

/ * use CentOS as an example. If apache is not installed by default, ensure the network connection, use the following command to install * / [root@linuxde.net ~] # yum install httpd/* We create a new html file in root's home directory * / [root@linuxde.net ~] # pwd/root [root@linuxde.net ~] # vi index.html/* enter any text Save and exit * / welcome to www.linuxde.net/* mv this file to the default directory of the web page * / [root@linuxde.net ~] # mv index.html / var/www/html//** when we use the firefox browser to type 127.0.0.1/index.html and find that it won't open. * take a look at the SELinux log file and find the following error message. It is not difficult to see from this error message. * the process httpd is blocked by SELinux when accessing the index.html in the home directory of the web page, because the SELinux configuration information is incorrect. * the correct SELinux configuration information should be the part after the scontext=, * while the SELinux configuration information of the index.html file is the part after the tcontext=. * from the third paragraph "admin_home_t" of tcontext=, it is not difficult to see that the SELinux configuration information of this file belongs to the root user's home directory. * / type=AVC msg=audit (1378974214.610 open 465): avc: denied {open} for pid=2359 comm= "httpd" path= "/ var/www/html/index.html" dev= "sda1" ino=1317685 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0tclass=file/* using ls-Z, you can also see that the SELinux information of the file and directory does not match * / [root@linuxde.net html] # ls-Z / var/www/html/.... Unconfined_u:object_r:admin_home_t:s0 index.html [root@linuxde.net html] # ls-Zd / var/www/html/.... System_u:object_r:httpd_sys_content_t:s0 / var/www/html//* uses restorecon to recover the SELinux configuration information of all files in the home directory of the web page (if the target is a directory, you can add the-R parameter recursion) * / [root@linuxde.net html] # restorecon-R / var/www/html/ so far, the study on "how to use the restorecon command" is over. I hope you can solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.