SELinux
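Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux first appeared in CentOS 4 and was significantly improved in later CentOS releases. These improvements mean that the way problems are solved with SELinux has also changed over time.
Basic commands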
To check if SELinux is enabled
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
# getenforce
Permissive
To temporarily set SELinux to Enforcing/Permissive
# setenforce 1    # Enforcing
# setenforce 0    # Permissive
Permanently change the SELinux mode
Edit the file /etc/selinux/config
## Change this line (the key is upper-case SELINUX; valid values are enforcing, permissive, disabled)
SELINUX=disabled
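The mode set with setenforce and the mode in /etc/selinux/config can disagree until the next reboot. The following is an added example, not from the original page, that compares the two. The function names and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the mode configured for
# the next boot. Inputs are plain text, so this runs on hosts without SELinux.

# Constructed sample: sestatus after "setenforce 1" on a permissive-by-config host.
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   enforcing
Mode from config file:          permissive'

# Constructed sample of /etc/selinux/config.
SAMPLE_CONFIG='# constructed sample
SELINUX=permissive
SELINUXTYPE=targeted'

# sestatus_field TEXT LABEL: print the lower-cased value of the "LABEL: value" line.
sestatus_field() {
    printf '%s\n' "$1" | awk -F': *' -v k="$2" \
        '$1 == k { v = $2; sub(/[ \t]+$/, "", v); print tolower(v); exit }'
}

# config_mode TEXT: print the value of the last SELINUX= line, lower-cased.
# Only the upper-case key is matched; comments and SELINUXTYPE= are skipped.
config_mode() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# selinux_drift SESTATUS_TEXT CONFIG_TEXT: print one finding.
# Returns 0 = enforcing now and at boot, 1 = weaker or mismatched, 2 = off/unparsable.
selinux_drift() {
    status=$(sestatus_field "$1" 'SELinux status')
    current=$(sestatus_field "$1" 'Current mode')
    boot=$(config_mode "$2")
    if [ "$status" != enabled ]; then
        echo "FAIL: SELinux is not enabled at runtime"; return 2
    elif [ -z "$boot" ]; then
        echo "FAIL: no SELINUX= line found (current=$current)"; return 2
    elif [ "$current" = enforcing ] && [ "$boot" = enforcing ]; then
        echo "OK: enforcing now and at next boot"; return 0
    elif [ "$current" != "$boot" ]; then
        echo "DRIFT: current=$current config=$boot"; return 1
    fi
    echo "WARN: current=$current config=$boot"; return 1
}

# Real host: selinux_drift "$(sestatus)" "$(cat /etc/selinux/config)"
selinux_drift "$SAMPLE_SESTATUS" "$SAMPLE_CONFIG" || true
```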
Find Files with SELinux Security Context
# With the find command
find ~/UbuntuMint -type f -context '*httpd_sys_content_t*' -name '*.txt'
# With the ls command
ls -Z | grep 'object_r:user_home_t' | grep '\.txt$'