Chapter 5. Controlling and Maintaining SELinux


59


Tip


If the file has no label, such as a file created while SELinux was disabled in the kernel, you need to


give it a full label with chcon system_u:object_r:shlib_t foo.so. If you don't, you get an error


about applying a partial context to an unlabeled file.


Use


restorecon


when you want to restore files to the policy default. There are two other methods to


do this that work on the entire file system,


fixfiles


or a policy relabeling operation. These require


you to be the root user. Cautions against both of these methods appear in Section 5.2.2 Relabel a File


System.


This example shows restoring the default user home directory context to a set of files that have differ 


ent types:


# These two sets of files have different types, and are


# being moved into a directory for archiving.


Their contexts


# are different from each other, and incorrect for a standard


# user's home directory:


ls  Z /tmp/{1,2,3}


 rw rw r  


auser


auser


user_u:object_r:tmp_t


/tmp/1


 rw rw r  


auser


auser


user_u:object_r:tmp_t


/tmp/2


 rw rw r  


auser


auser


user_u:object_r:tmp_t


/tmp/3


mv /tmp/{1,2,3} archives/


mv public_html/* archives/


ls  Z archives/


 rw rw r  


auser


auser


user_u:object_r:tmp_t


1


 rw rw r  


auser


auser


user_u:object_r:httpd_user_content_t \


1.html


 rw rw r  


auser


auser


user_u:object_r:tmp_t


2


 rw rw r  


auser


auser


user_u:object_r:httpd_user_content_t \


2.html


 rw rw r  


auser


auser


user_u:object_r:tmp_t


3


 rw rw r  


auser


auser


user_u:object_r:httpd_user_content_t \


3.html


 rw rw r  


auser


auser


user_u:object_r:httpd_user_content_t \


4.html


 rw rw r  


auser


auser


user_u:object_r:httpd_user_content_t \


5.html


 rw rw r  


auser


auser


user_u:object_r:httpd_user_content_t \


index.html


# The directory archives/ is already the default type


# because it was created in the user's ~/ directory:


ls  Zd archives/


drwxrwxr x


auser


auser


user_u:object_r:user_home_t


archives/


# Relabeling with restorecon uses the default file contexts set


# by the policy, so these files are labeled with the default


# label for the directory they are in.


/sbin/restorecon  R archives/


ls  Z archives/


 rw rw r  


auser


auser


system_u:object_r:user_home_t


1


 rw rw r  


auser


auser


system_u:object_r:user_home_t


1.html


 rw rw r  


auser


auser


system_u:object_r:user_home_t


2


 rw rw r  


auser


auser


system_u:object_r:user_home_t


2.html


 rw rw r  


auser


auser


system_u:object_r:user_home_t


3


 rw rw r  


auser


auser


system_u:object_r:user_home_t


3.html








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved