update selinux commands

2025-02-22 21:27:03 +01:00 · 2025-02-22 21:27:03 +01:00 · 09320e25a0
commit 09320e25a0
parent 770cb7d29e
1 changed files with 21 additions and 0 deletions
--- a/selinux.md
+++ b/selinux.md
@ -27,3 +27,24 @@ apply change
 Relabeled /usr/bin/file from unconfined_u:object_r:bin_t:s0 to system_u:object_r:bin_t:s0
 # restorecon -R for recursive
 ```
+
+## Containers
+
+### volumes
+` :z `  shared content label  
+` :Z `  private unshared label  
+` :ro,z ` combine read only and SElinux label  
+
+### udica
+[git](https://github.com/containers/udica)  
+```
+$ podman inspect $(podman ps -f name=<container name> -q) > container.json
+# udica -j container.json  my_container
+```
+
+## denied access
+
+see recent denials
+```
+# ausearch -m avc -ts recent
+```