Chapter 5. Working with SELinux
The following sections give a brief overview of the main SELinux packages in Red Hat Enterprise Linux; installing and updating packages; which log files are used; the main SELinux configuration file; enabling and disabling SELinux; SELinux modes; configuring Booleans; temporarily and persistently changing file and directory labels; overriding file system labels with the mount command; mounting NFS file systems; and how to preserve SELinux contexts when copying and archiving files and directories.
In Red Hat Enterprise Linux, the SELinux packages are installed by default in a full installation, unless they are manually excluded during installation. In a minimal installation in text mode, the policycoreutils-python package is not installed by default. Also, by default, SELinux targeted policy is used, and SELinux runs in enforcing mode. The following is a brief description of the main SELinux packages:
policycoreutils-python: provides utilities such as semanage, audit2allow, audit2why and chcat, for operating and managing SELinux.
policycoreutils: provides utilities such as restorecon, secon, setfiles, semodule, load_policy, and setsebool, for operating and managing SELinux.
policycoreutils-gui: provides system-config-selinux, a graphical tool for managing SELinux.
selinux-policy: provides the SELinux Reference Policy. The SELinux Reference Policy is a complete SELinux policy, and is used as a basis for other policies, such as the SELinux targeted policy. Refer to the Tresys Technology SELinux Reference Policy page for further information. The selinux-policy-devel package provides development tools, such as /usr/share/selinux/devel/policygentool and /usr/share/selinux/devel/policyhelp, as well as example policy files.
selinux-policy-policy: provides SELinux policies. For targeted policy, install selinux-policy-targeted. For MLS, install selinux-policy-mls.
setroubleshoot-server: translates denial messages, produced when access is denied by SELinux, into detailed descriptions that are viewed with sealert (which is provided by this package).
setools-console: this package provides the Tresys Technology SETools distribution, a number of tools and libraries for analyzing and querying policy, audit log monitoring and reporting, and file context management. The setools package is a meta-package for SETools. The setools-gui package provides the apol, seaudit, and sediffx tools. The setools-console package provides the seaudit-report, sechecker, sediff, seinfo, sesearch, findcon, replcon, and indexcon command line tools. Refer to the Tresys Technology SETools page for information about these tools.
libselinux-utils: provides the avcstat, getenforce, getsebool, matchpathcon, selinuxconlist, selinuxdefcon, selinuxenabled, setenforce, and togglesebool tools.
mcstrans: translates levels, such as s0-s0:c0.c1023, to an easier to read form, such as SystemLow-SystemHigh. This package is not installed by default.
To install packages in Red Hat Enterprise Linux, as the Linux root user, run the yum install package-name command. For example, to install the mcstrans package, run the yum install mcstrans command. To upgrade all installed packages in Red Hat Enterprise Linux, run the yum update command.
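A check for the situation described above, where a minimal installation lacks policycoreutils-python and mcstrans is not installed by default. This is an added example, not part of the original guide; the function names and the sample rpm -q output (including its version strings) are constructed for illustration.

```shell
#!/bin/sh
# Non-GUI SELinux packages named in this chapter (targeted policy assumed).
SELINUX_PKGS="policycoreutils policycoreutils-python selinux-policy \
selinux-policy-targeted libselinux-utils setroubleshoot-server \
setools-console mcstrans"

# Read `rpm -q` output on stdin and print the name of every package that
# rpm reports as absent ("package NAME is not installed").
missing_from_rpm_output() {
    sed -n 's/^package \(.*\) is not installed$/\1/p'
}

# Read package names on stdin (one per line) and print a single
# `yum install` command for them; print nothing if the list is empty.
suggest_install() {
    missing=$(tr '\n' ' ' | sed 's/ *$//')
    if [ -n "$missing" ]; then
        printf 'yum install %s\n' "$missing"
    fi
    return 0
}

# Run against the live system (as root for the suggested yum command).
# getenforce comes from libselinux-utils and should print "Enforcing"
# on a default installation.
audit_host() {
    # SELINUX_PKGS is intentionally unquoted so it splits into arguments.
    rpm -q $SELINUX_PKGS | missing_from_rpm_output | suggest_install
    getenforce
}

# Constructed sample: rpm -q output resembling a minimal installation.
SAMPLE_RPM_OUTPUT='policycoreutils-1.0-1.x86_64
package policycoreutils-python is not installed
selinux-policy-1.0-1.noarch
selinux-policy-targeted-1.0-1.noarch
libselinux-utils-1.0-1.x86_64
setroubleshoot-server-1.0-1.x86_64
setools-console-1.0-1.x86_64
package mcstrans is not installed'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_RPM_OUTPUT" | missing_from_rpm_output | suggest_install
```

On a real host, call audit_host instead of piping in the sample.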