Exercise 2.5 - Tips & Tricks

Return to Workshop

Tips & tricks

This is the conclusion of the SELinux policy workshop. Here’s some closing tips to help you work with SELinux. Please ask any questions that you have left, and thanks so much for coming!

  • Set a folder’s context to mimic another:

mkdir -p /var/new_www/html
matchpathcon /var/www/html /var/new_www/html
semanage fcontext -a -e /var/www /var/new_www
restorecon -Rv /var/
  • List ports associated with all service domains:

semanage port -l

And then, add a port to an existing service’s domain, such as httpd:

semanage port -a -t http_port_t -p tcp 8888
  • Cause entire system to be re-labeled at next boot:

fixfiles onboot

or

touch /.autorelabel
  • Get detail reports of access errors (requires optional setroubleshoot package):

sealert -l "*"

Workshop Details

Domain Red Hat Logo
Workshop
Student ID

Return to Workshop