Difference between revisions of "SELinux"
Jump to navigation
Jump to search
↑ "SELinux/Commands - FedoraProject". Retrieved 2015-11-25.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "chcon". Linuxcommand.org. Archived from the original on 2004-10-24. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "restorecon(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "restorecond(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "runcon(1) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "secon(1) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "fixfiles(8): fix file SELinux security contexts - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "setfiles(8): set file SELinux security contexts - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "load_policy(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "booleans(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "getsebool(8): SELinux boolean value - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "setsebool(8): set SELinux boolean value - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "togglesebool(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "Ubuntu Manpage: selinux-config-enforcing - change /etc/selinux/config to set enforcing". Canonical Ltd. Archived from the original on 2012-12-20. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "Ubuntu Manpage: selinuxenabled - tool to be used within shell scripts to determine if". Canonical Ltd. Archived from the original on 2013-02-09. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "Ubuntu Manpage: selinux-policy-upgrade - upgrade the modules in the SE Linux policy". Canonical Ltd. Archived from the original on 2012-04-04. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
Tags: Mobile web edit, Mobile edit |
|||
| Line 8: | Line 8: | ||
== Command-line utilities == | == Command-line utilities == | ||
<ref>{{cite web|url=https://fedoraproject.org/wiki/SELinux/Commands |title=SELinux/Commands - FedoraProject |accessdate=2015-11-25}}</ref> | <ref>{{cite web|url=https://fedoraproject.org/wiki/SELinux/Commands |title=SELinux/Commands - FedoraProject |accessdate=2015-11-25}}</ref> | ||
| − | <code>chcon</code>,<ref>{{cite web |url=http://linuxcommand.org/man_pages/chcon1.html |archive-url=https://web.archive.org/web/20041024211853/http://linuxcommand.org/man_pages/chcon1.html |url-status=dead |archive-date=2004-10-24 |title=chcon |publisher=Linuxcommand.org |accessdate=2013-02-06 }}</ref> | + | <code>[[chcon]]</code>,<ref>{{cite web |url=http://linuxcommand.org/man_pages/chcon1.html |archive-url=https://web.archive.org/web/20041024211853/http://linuxcommand.org/man_pages/chcon1.html |url-status=dead |archive-date=2004-10-24 |title=chcon |publisher=Linuxcommand.org |accessdate=2013-02-06 }}</ref> |
<code>restorecon</code>,<ref>{{cite web|url=http://linux.die.net/man/8/restorecon |title=restorecon(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | <code>restorecon</code>,<ref>{{cite web|url=http://linux.die.net/man/8/restorecon |title=restorecon(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
<code>restorecond</code>,<ref>{{cite web|url=http://linux.die.net/man/8/restorecond |title=restorecond(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | <code>restorecond</code>,<ref>{{cite web|url=http://linux.die.net/man/8/restorecond |title=restorecond(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| Line 32: | Line 32: | ||
[[sestatus]] | [[sestatus]] | ||
[[setenforce]] enforcing | [[setenforce]] enforcing | ||
| − | |||
| − | |||
== See also == | == See also == | ||
Revision as of 20:17, 23 September 2020
wikipedia:Security-Enhanced Linux is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).
semanage and restorecon command line utilities can be used to manage SELinux configuration and behavior.
SELinux is available in RHEL 4 since 2005 and in Ubuntu. As of 2018 Ubuntu 18.04 LTS do not install SELinux by default.
Command-line utilities
[1]
chcon,[2]
restorecon,[3]
restorecond,[4]
runcon,[5]
secon,[6]
fixfiles,[7]
setfiles,[8]
load_policy,[9]
booleans,[10]
getsebool,[11]
setsebool,[12]
togglesebool[13]
setenforce,
semodule,
postfix-nochroot,
check-selinux-installation,
semodule_package,
checkmodule,
selinux-config-enforcing,[14]
selinuxenabled,[15]
and selinux-policy-upgrade[16]
sestatus setenforce enforcing
See also
- AppArmor,
/etc/apparmor.d/libvirt,apparmor_status - Seccomp
- SELinux,
semanage,sestatus,getenforce,chcon, security context,setsebool - Mandatory access control: AppArmor, SELinux, seccomp, System Integrity Protection (macOS)
Advertising:
