Familiar with SELinux Functions

Familiar with SELinux Functions

Now, playing with the SELinux system has some value. For example, we use a strictly qualified ora Core 4 release. Most of these examples can basically run on Red hat Enterprise Linux version 4 or Fedora Core 5. Although it may be a little different, you may be able to run it using another release. "Getting SELinux example policy" describes how to obtain the policy files and other resources used throughout this book as an example, and describes how to configure your system accordingly.

Run in Permission mode:
SELinux is able to run in permission mode where access check occurs, but not allow access, it simply checks them. This mode is very useful when you first learn SELinux, and you may want to explore the system in this mode. Of course, if you want to improve the security of SELinux access, the permission mode should not be used in the operating system. Note that some tools can be found in/usr/sbin, which are usually not stored in common user paths.

The simplest way to query the current mode of SELinux is to run the getenforce command. If you want to set the system security mode to permission mode, run the setenforce 0 command. (You must log on to the system as the root user and identify the domain as sysadm_t to change the system to the permission mode ). To enforcing mode, run setenforce 1. (Because you are in permission mode, You need to log on as a root to change the system mode to enforcing mode .)

We have mentioned the-Z option added to the system command. Commands such as ls and ps display the security context of files and processes. As an exercise, run the command ps-Z and ls-Z to check various security contexts for running processes and executable files.

Review password routine

Throughout this section, we use the shadow password file and password program example. If you detect the security context of these two files, their types should be shadow_t and passwd_exec_t. As discussed earlier, passwd_exec_t is the passwd_t domain.
Entrypoint type. To see how domain conversion works, run the following command. You need two terminal windows or virtual consoles to run these commands.

In the first window, run the passwd command

This command starts the password program and prompts the user to enter the password. Do not enter the password, but switch to the second terminal. On the second terminal, run the su command to switch to the root user, and then run the ps command:

As you can see, the type of the running password program is passwd_t, as described in the example above. <喎?http: www.bkjia.com kf ware vc " target="_blank" class="keylink"> Release + 1tjQwsq508Oy38LUzsS8/release/LqsxNq6y7LfwtS1xLb + release + ho9f3zqrO0sPHtcTBqs + release + 48 bXEst/C1KOsy/release PC9wPgoKPHA + signature + PC9wPgoKPHA + st/Signature + signature/Signature + vavU2rXayP2yv7fWz + rPuMzWwtuho8/authorization/tLLfwtTOxLz + signature + Cgo8cD6y6b + 0st/Signature UaS + 38rHILLfwtS31s72uaS + examples/examples + 1zbPW0MrHt/examples/HIoVNlVG9vbHOw/examples + YXBvbLmkvt/Kx9K7uPa + q9bCtcRTRUxpbnV4st/Examples Try9q8q508PV4rj2uaS + examples/examples + 48 bXEst/examples/J0tSy6b + 0st/examples + Cgo8cD48aW1nIHNyYz0 = "http://www.2cto.com/uploadfile/Collfiles/20150511/2015051109410851.png" alt = "here write picture description" title = "required * & deleted? Why? J \ profiling? 2? 2F leopard h? Why? Http://www.bkjia.com/ OS /linux/ "target =" _ blank "class =" keylink "> Linux policy language.