server-doc/selinux.md


context

# ls -Z /bin/file
unconfined_u:object_r:user_home_t:s0 /bin/file

List the SELinux context of a file or directory. The label has four fields: SELinux user (unconfined_u), role (object_r), type (user_home_t) and MLS/MCS level (s0). The type is the field that matters for most access decisions; a binary under /bin carrying user_home_t is a sign it was moved there from a home directory (mv keeps the source label, cp labels by the destination), and confined domains will be denied executing it until it is relabeled to bin_t.

change type context (persistent, survives a full relabel)

# semanage fcontext -a -t bin_t /bin/file

apply change — semanage only records the rule in the local policy store; it does not touch the on-disk label. restorecon (below) applies it. On systems where /bin is a symlink to /usr/bin (the output further down shows /usr/bin/file), write the rule for the canonical path, /usr/bin/file, since restorecon matches rules against the real path. For a temporary, non-persistent change use `chcon -t bin_t <file>` instead; that label is lost on the next restorecon or relabel.

# restorecon -vR /bin
Relabeled /bin/file from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:bin_t:s0

change user context (-m modifies the existing rule for this path; -s sets the SELinux user field)

# semanage fcontext -m -t bin_t -s system_u /bin/file

apply change — restorecon normally resets only the type field; -F (force) also resets the user and role fields, which is why it is needed here.

# restorecon -vF /bin/file
Relabeled /usr/bin/file from unconfined_u:object_r:bin_t:s0 to system_u:object_r:bin_t:s0
# restorecon -R for recursive

Containers

volumes

:z shared content label — the host directory is relabeled so that any container can read/write it
:Z private unshared label — the host directory is relabeled with this container's own MCS categories; other containers are denied access
:ro,z combine read-only and SELinux label options
Both :z and :Z relabel the host path itself. Never use them on shared system directories (/home, /var, /etc, /usr): the relabel applies to everything under the path and can lock out the host's own services or other containers.

udica

udica generates a tailored SELinux policy module for a container from its inspect output (install it from your distribution's package or from its git repository)

$ podman inspect $(podman ps -f name=<container name> -q) > container.json
# udica -j container.json my_container
The generated policy must be loaded with semodule before it can be used, and the container then has to be started with the matching --security-opt label=type:... option; udica prints the exact commands on completion. Review the generated rules before loading them — they are derived from the mounts and ports seen in the inspect output at generation time.

denied access

see recent denials (AVC messages from the last 10 minutes; requires auditd to be running — without it, look for "avc:" lines in `journalctl` or `dmesg`). Use `audit2why` to explain a denial. If `audit2allow` is used to generate a module, read the rules it proposes before loading them rather than allowing whatever was denied; a denial is often a mislabeled file, fixed with restorecon, not a missing policy rule.

# ausearch -m avc -ts recent