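semanage changes the default SELinux type recorded for a directory or file, whereas chcon directly changes the SELinux type on the directory or file itself. When restorecon runs, the default SELinux type for that directory or file is applied.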
Create 2 directories:
- A directory for demonstrating semanage
- A directory for demonstrating chcon
- Set the SELinux context to httpd_sys_content_t
# mkdir -p /secon/semanagedir
# mkdir /secon/chcondir
# ll -dZ /secon/semanagedir
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /secon/semanagedir/
# ll -dZ /secon/chcondir
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /secon/chcondir/
Using semanage (if semanage cannot be run, install the policycoreutils-python package first)
# ll -Zd /secon/semanagedir/
drwxr-xr-x. root root system_u:object_r:default_t:s0 /secon/semanagedir/
# semanage fcontext -a -t httpd_sys_content_t '/secon/semanagedir(/.*)?'
# restorecon -FRvv /secon/semanagedir/
restorecon reset /secon/semanagedir context system_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
# ll -Zd /secon/semanagedir/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /secon/semanagedir/
Using chcon
# ll -Zd /secon/chcondir/
drwxr-xr-x. root root system_u:object_r:default_t:s0 /secon/chcondir/
# chcon -t httpd_sys_content_t -R /secon/chcondir/
# ll -Zd /secon/chcondir/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /secon/chcondir/
# restorecon -FRvv /secon/chcondir/
restorecon reset /secon/chcondir context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:default_t:s0
# ll -Zd /secon/chcondir/
drwxr-xr-x. root root system_u:object_r:default_t:s0 /secon/chcondir/
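The chcon result above is lost on the next relabel, so it helps to find such labels before that happens. The following is an added example, not part of the original post: it reads the output of a restorecon dry run and lists every path whose type would be reverted. It goes slightly beyond the post by also accepting the "Would relabel ... from ... to ..." lines printed by newer restorecon releases; the function names, the index.html and /secon/upload paths, and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find labels that a relabel would revert (chcon-only changes).
# Real use (dry run, nothing is changed):  restorecon -FRnv /secon | label_drift

# Print "path current_type policy_default_type" for each restorecon line whose
# SELinux type (third colon-separated field of the context) would change.
# Assumption: paths contain no whitespace.
label_drift() {
    awk '
    function report(path, old, new,    o, n) {
        split(old, o, ":"); split(new, n, ":")
        if (o[3] != n[3]) print path, o[3], n[3]
    }
    # Format shown on this page: restorecon reset PATH context OLD->NEW
    $1 == "restorecon" && $2 == "reset" && $4 == "context" {
        split($5, ctx, "->"); report($3, ctx[1], ctx[2]); next
    }
    # Newer releases: [Would relabel|Relabeled] PATH from OLD to NEW
    NF >= 6 && $(NF-3) == "from" && $(NF-1) == "to" {
        report($(NF-4), $(NF-2), $NF)
    }'
}

# Constructed sample input modelled on the output in this post.
sample_restorecon_output() {
    cat <<'EOF'
restorecon reset /secon/chcondir context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:default_t:s0
restorecon reset /secon/chcondir/index.html context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:default_t:s0
restorecon reset /secon/semanagedir/index.html context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:httpd_sys_content_t:s0
Would relabel /secon/upload from unconfined_u:object_r:httpd_sys_rw_content_t:s0 to system_u:object_r:default_t:s0
EOF
}

sample_restorecon_output | label_drift
```

The /secon/semanagedir/index.html line is not reported because only the SELinux user differs; each reported path needs a semanage fcontext rule if its current type is meant to persist.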