Chapter 5. Controlling and Maintaining SELinux
Tip
Since most SELinux permission control in the targeted policy is type enforcement, you can primarily
ignore the user and role information in a security label and focus on just changing the type. This saves
you some keystrokes, and keeps you from worrying about the role and user settings on your files.
Note
If relabeling affects the label on a daemon's executable, you want to restart the daemon to be sure
it is running in the correct domain. For example, if your /usr/sbin/mysqld has the wrong security
label and this is fixed by a relabeling operation such as restorecon, you must restart mysqld after
the relabeling. The executable file having the proper type of mysqld_exec_t ensures it transitions
into the proper domain when started.
Use chcon when you have a file that is not the type you want it to be. You must know the new type
you want instead:
# These directories and files are labeled with the default type
# defined for file system objects created in /home:
cd ~
ls -Zd public_html/
drwxrwxr-x  auser  auser  user_u:object_r:user_home_t public_html/
ls -Z web_files/
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  1.html
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  2.html
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  3.html
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  4.html
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  5.html
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  index.html
mv web_files/* public_html/
ls -Z public_html/
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  1.html
...
# If you want to make these files viewable from a special user
# public HTML folder, they need to have a type that httpd has
# permissions to read, presuming the Apache HTTP server is configured
# for UserDir and the Boolean value httpd_enable_homedirs is
# enabled.
chcon -R -t httpd_user_content_t public_html/
ls -Z public_html
-rw-rw-r--  auser  auser  user_u:object_r:httpd_user_content_t \
  1.html
...
ls -Z public_html/ -d
drwxrwxr-x  auser  auser  user_u:object_r:httpd_user_content_t \
  public_html/
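The following is an added example, not part of the original guide: a shell function that applies the tip above by reading only the type field of each security label in ls -Z output and reporting entries that do not carry the expected type. The function names find_mislabeled and sample_listing are hypothetical, the listing is constructed, and the optional fourth (level) field is included on the assumption that the listing may come from a system that displays one.

```shell
#!/bin/sh
# Added example: audit the SELinux *type* field in `ls -Z` style listings.
# find_mislabeled (hypothetical name) reads listing lines on stdin and prints
# "name<TAB>actual_type" for every entry whose type differs from $1.
find_mislabeled() {
    want_type=$1
    awk -v want="$want_type" '
    {
        ctx = ""; idx = 0
        # Locate the security context by shape: user:role:type[:level]
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+(:.*)?$/) {
                ctx = $i; idx = i; break
            }
        }
        # Skip lines with no context (e.g. "...") or no file name after it
        if (ctx == "" || idx == NF) next
        # Everything after the context is the file name
        # (runs of spaces inside a name collapse to one space)
        name = $(idx + 1)
        for (j = idx + 2; j <= NF; j++) name = name " " $j
        split(ctx, part, ":")   # part[1]=user, part[2]=role, part[3]=type
        if (part[3] != want) printf "%s\t%s\n", name, part[3]
    }'
}

# Constructed sample listing (not captured from a real system): two files
# still carry user_home_t after being moved into public_html/.
sample_listing() {
    cat <<'EOF'
-rw-rw-r--  auser  auser  user_u:object_r:httpd_user_content_t  1.html
-rw-rw-r--  auser  auser  user_u:object_r:user_home_t  2.html
-rw-rw-r--  auser  auser  user_u:object_r:httpd_user_content_t:s0  3.html
-rw-rw-r--  auser  auser  unconfined_u:object_r:user_home_t:s0  old notes.html
...
EOF
}

# Report every entry httpd would not be allowed to read as user content.
sample_listing | find_mislabeled httpd_user_content_t
```

On a live system, pipe the output of ls -Z public_html/ into find_mislabeled instead of the sample listing; an empty result means every entry already has the expected type.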