62
Chapter 5. Controlling and Maintaining SELinux
5.2. Administrator Control of SELinux
Administrators can expect to do most of the same things that users do in Section 5.1 End User Control
of SELinux, plus a number of additional tasks that are usually done only at the root level. Using the
targeted policy makes tasks measurably easier for the administrator. For example, there is no need to
consider adding, editing, or deleting Linux users from the SELinux users, nor do you need to consider
roles.
This section covers the types of tasks that an administrator needs to do to maintain Red Hat Enterprise
Linux running SELinux.
5.2.1. View the Status of SELinux
The command
sestatus
provides a configurable view into the status of SELinux. By itself, the
command shows the enabled status, selinuxfs mount point, current enforcing mode and what that is
set to in the configuration file, and the policy name and its version number. Following that are a list of
all the policy Booleans and their status:
/usr/bin/sestatus
SELinux status:
enabled
SELinuxfs mount:
/selinux
Current mode:
enforcing
Mode from config file:
enforcing
Policy version:
18
Policy from config file:targeted
Policy booleans:
allow_ypbind
active
dhcpd_disable_trans
active
httpd_disable_trans
inactive
httpd_enable_cgi
active
...
The
 v
option adds on a report about the security contexts of a series of files that are specified in
/etc/sestatus.conf
:
Process contexts:
Current context:
root:system_r:unconfined_t
Init context:
user_u:system_r:unconfined_t
/sbin/mingetty
user_u:system_r:unconfined_t
/usr/sbin/sshd
user_u:system_r:unconfined_t
File contexts:
Controlling term:
root:object_r:devpts_t
/etc/passwd
system_u:object_r:etc_t
/etc/shadow
system_u:object_r:shadow_t
/bin/bash
system_u:object_r:shell_exec_t
/bin/login
system_u:object_r:bin_t
...
5.2.2. Relabel a File System
You may never need to relabel an entire file system. This usually occurs only when labeling a file
system for SELinux for the first time, or when switching between different kinds of policy, such as
going from the targeted to the strict policy.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

adult web hosting

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved