Shulou(Shulou.com)06/01 Report--

This article mainly introduces the use of the semanage command in Linux. It is very detailed and has a certain reference value. Friends who are interested must finish reading it!

The Linux common command semanage command is used to query and modify the security context of the SELinux default directory.

Security context query and modification of semanage default directory

Add SELinux's policy and rule management related commands: seinfo command, sesearch command, getsebool command, setsebool command, semanage command.

Syntax semanage {login | user | port | interface | fcontext | translation}-l semanage fcontext-{a | d | m} [- frst] file_spec option-l: query. Fcontext: mainly used in security context. -a: add, you can add some directory default security context type settings. -m: modify. -d: delete. Instance to query the default security of / var/www/html the settings of this article:

Semanage fcontext-l SELinux fcontext type Context.... (omitted before). / var/www (/. *) All files system_u:object_r:httpd_sys_content_t:s0.... (omitted later). As shown in the above example, we can query the security of each directory in this article! The setting of the directory can use regular expressions to specify a range. What if we want to add security to some custom directories? For example, what should I do if I want the color setting / srv/samba to become the type of public_content_t?

Use the semanage command to set the default security of the / srv/samba directory. This article is public_content_t:

Mkdir / srv/samba ll-Zd / srv/samba drwxr-xr-x root root root:object_r:var_t / srv/samba as shown above, the default should be var_t!

Semanage fcontext-l | grep'/ srv' / srv/.* all files system_u:object_r:var_t:s0 / srv/ ([^ /] * /)? ftp (/. *)? All files system_u:object_r:public_content_t:s0 / srv/ ([^ /] * /)? www (/. *)? All files system_u:object_r:httpd_sys_content_t:s0 / srv/ ([^ /] * /)? rsync (/. *)? All files system_u:object_r:public_content_t:s0 / srv/gallery2 (/. *) All files system_u:object_r:httpd_sys_content_t:s0 / srv directory system_u:object_r:var_t:s0 / / look at this! The above is the default security information for this article under / srv, but it is not specified to / srv/samba.

Semanage fcontext-a-t public_content_t "/ srv/samba (/. *)?" Semanage fcontext-l | grep'/ srv/samba' / srv/samba (/. *)? All files system_u:object_r:public_content_t:s0 cat / etc/selinux/targeted/contexts/files/file_contexts.local # This file is auto-generated by libsemanage # Please use the semanage command to make changes / srv/samba (/. *) System_u:object_r:public_content_t:s0 # write to this file restorecon-Rv / srv/samba* # try to restore the default value ll-Zd / srv/samba drwxr-xr-x root root system_u:object_r:public_content_t / srv/samba/ # there are default values, it's easy to modify it later with the restorecon command! The semanage command has many functions, and the only thing that is used here is the use of the fcontext option. As shown above, you can use semanage to query all directory defaults, or you can use it to increase the default settings!

The above is all the content of the article "what is the use of semanage commands in Linux". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.