| Server IP : 184.154.167.98 / Your IP : 3.141.32.252 Web Server : Apache System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 User : puertode ( 1767) PHP Version : 8.2.26 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /lib/python3.6/site-packages/sepolicy/help/ |
Upload File : |
SELinux can either setup labeling directory using the Application/files screen, or you can setup file equivalence. File Equivalence allows an administrator to label entire directory trees as the same way as the Equivalence directory tree. Use Case 1: An administrator want to store his Apache root content in a location other then /var/www like /srv/www. He could define an equivalence between /srv/www and /var/www. libselinux reads the equivalence rules and does the substitution when ever the matchpathcon function is called. Tools like restorecon/rpm/udev and others will all follow the substitution. Using the example above when matchpathcon is handed /srv/www/cgi-bin/myscript.cgi, it substitutes /var/www for /svr/www and looks up the context of /var/www/cgi-bin/myscript.cgi. In the command line you could execute. # semanage fcontext -a -e /var/www /srv/www Another common case where you might want to use file equivalence, is if you put your users home directories in a location other then /home. If you setup an equivalence between /home and /export/home # matchpathcon /export/home/dwalsh/.ssh /export/home/dwalsh/.ssh unconfined_u:object_r:home_ssh_t:s0