Semanage in Rocky 9.3 for Web Server Root Folder Permissions
  easystem   14 May 2024   fix error

The semanage command in Linux is used to manage SELinux (Security-Enhanced Linux) policies, configurations, and contexts. If you are using Rocky Linux 9.3, here's a brief guide on how to use semanage for common tasks:

Installing semanage

First, you need to ensure that the policycoreutils-python-utils package, which includes semanage, is installed:

sudo dnf install policycoreutils-python-utils

Common semanage Usage

Here are some common semanage commands and their usage:

1. Adding and Modifying Port Contexts

To add a new port to a specific SELinux context:

sudo semanage port -a -t http_port_t -p tcp 8080

  • -a: Add a new port.
  • -t: Type of the context, here http_port_t.
  • -p: Protocol, here tcp.
  • 8080: Port number to be added.

To modify an existing port record (use this form when semanage port -a reports that the port is already defined):

sudo semanage port -m -t http_port_t -p tcp 8081

  • -m: Modify an existing port.

2. Listing Port Contexts

To list all ports with their SELinux contexts:

sudo semanage port -l
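
Added example, not part of the original post: semanage port -a is refused when a record for that exact port already exists, so the script below reads semanage port -l output and prints whether -a, -m, or no change is needed. The listing in SAMPLE_PORT_LIST is constructed for illustration, the function names are hypothetical, and as an assumption only exact single-port records are checked (ranges are skipped).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): decide between
# `semanage port -a` and `semanage port -m` from `semanage port -l` output.

# Constructed sample listing, in the column layout `semanage port -l` prints.
SAMPLE_PORT_LIST='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22'

# exact_port_types LISTING PROTO PORT
# Print each type that has a record for exactly PROTO/PORT (ranges are skipped).
exact_port_types() {
  printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
    NR > 1 && $2 == proto {
      for (i = 3; i <= NF; i++) {
        item = $i
        sub(/,$/, "", item)          # drop the list separator
        if (item == port) { print $1; break }
      }
    }'
}

# plan_port_label LISTING TYPE PROTO PORT
# Print the semanage command needed, or "none" if TYPE already owns the port.
plan_port_label() {
  local listing="$1" type="$2" proto="$3" port="$4" current
  current=$(exact_port_types "$listing" "$proto" "$port")
  if printf '%s\n' "$current" | grep -qx -- "$type"; then
    echo "none"
  elif [ -n "$current" ]; then
    echo "semanage port -m -t $type -p $proto $port"   # record exists: modify
  else
    echo "semanage port -a -t $type -p $proto $port"   # no record: add
  fi
}

# On a live host, pass "$(sudo semanage port -l)" instead of the sample.
plan_port_label "$SAMPLE_PORT_LIST" http_port_t tcp 8080
plan_port_label "$SAMPLE_PORT_LIST" http_port_t tcp 8081
plan_port_label "$SAMPLE_PORT_LIST" http_port_t tcp 8443
```
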

3. Managing File Contexts

To add a file context:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"

  • -a: Add a new file context.
  • -t: Type of the context, here httpd_sys_content_t.
  • "/var/www/html(/.*)?": Directory and its content to be labeled.

To apply the new context to existing files, use restorecon:

sudo restorecon -R -v /var/www/html

4. Listing File Contexts

To list all file contexts:

sudo semanage fcontext -l

5. Managing Boolean Values

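To enable a Boolean value (here httpd_can_network_connect, which allows httpd scripts and modules to initiate network connections):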

sudo setsebool -P httpd_can_network_connect on

  • -P: Make the change persistent across reboots.

To list all Boolean values and their current state:

sudo getsebool -a

Using semanage with SELinux Modes

Rocky Linux comes with SELinux enabled by default. To check the current SELinux mode:

sestatus

To switch SELinux mode to permissive or enforcing:

sudo setenforce Permissive

or

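sudo setenforce Enforcing

setenforce changes the mode only until the next reboot. In permissive mode, SELinux logs policy denials but does not block them. To make the change persistent, edit the SELinux configuration file:

sudo nano /etc/selinux/config

Change the SELINUX line to:

SELINUX=permissive

or

SELINUX=enforcing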

Conclusion

The semanage tool is powerful for managing SELinux policies and contexts in Rocky Linux 9.3. By using the commands above, you can configure port contexts, file contexts, and Boolean values to control how SELinux applies security policies on your system. For more detailed usage, refer to the semanage man pages:

man semanage