Linux restorecon command usage
The restorecon command is used to restore the default SELinux security context of a file.
Syntax
restorecon [-iFnrRv] [-e excludedir] [-o filename] [-f filename | pathname...]
Options
-i: ignore files that do not exist.
-f infilename: infilename lists the files to be processed.
-e directory: exclude the directory.
-R/-r: process directories recursively.
-n: do not change any file labels.
-o outfilename: save the list of files with an incorrect context to outfilename.
-v: display the process on the screen.
-F: forcibly restore the file security context.
Example
If Apache is installed on CentOS, the default web root is /var/www/html. A common problem: you create a web page in another directory and use mv to move it into /var/www/html, but the browser cannot open it. This is probably because mv keeps the file's SELinux security context, so the file still carries the context it inherited from the directory where it was created, which differs from the context of /var/www/html. As a result, the page cannot be opened. The following example shows this:
/* This example uses CentOS. If Apache is not already installed, make sure the network is connected and install it with the following command */
[root@linuxde.net ~]# yum install httpd

/* Create an html file in root's home directory */
[root@linuxde.net ~]# pwd
/root
[root@linuxde.net ~]# vi index.html
/* Enter any text, then save and exit */
welcome to www.linuxde.net

/* mv this file to the web root */
[root@linuxde.net ~]# mv index.html /var/www/html/

/*
 * Entering 127.0.0.1/index.html in the Firefox browser now shows that the file cannot be opened.
 * Checking the SELinux log file turns up the following error message.
 * It shows that httpd was denied access to index.html in the web root because the
 * file's SELinux context is wrong.
 * The part after scontext= is the context of the httpd process making the request.
 * The part after tcontext= is the context of the index.html file.
 * The third field of tcontext, admin_home_t, shows that the file still carries the
 * label of the root user's home directory.
 */
type=AVC msg=audit(1378974214.610:465): avc:  denied  { open } for  pid=2359 comm="httpd" path="/var/www/html/index.html" dev="sda1" ino=1317685 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

/* With ls -Z, the SELinux contexts of the file and the directory do not match */
[root@linuxde.net html]# ls -Z /var/www/html/
.... unconfined_u:object_r:admin_home_t:s0 index.html
[root@linuxde.net html]# ls -Zd /var/www/html/
.... system_u:object_r:httpd_sys_content_t:s0 /var/www/html/

/* Use restorecon to restore the SELinux context of all files in the web root (if the target is a directory, add -R to recurse) */
[root@linuxde.net html]# restorecon -R /var/www/html/
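Before relabeling, it helps to list which files a given domain was actually denied and which label type they carry. The script below is an added example, not part of the original page: it parses AVC records in the format shown above (the page's httpd denial with normal spacing, plus two constructed records). The function names sample_avc and denied_files are hypothetical, and /var/log/audit/audit.log is assumed as the audit log location.

```shell
#!/bin/sh
# Added example (not from the original page): triage AVC denials before relabeling.

# Constructed sample: the denial shown on this page plus two constructed
# records (different domain, different object class) that must be ignored.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1378974214.610:465): avc:  denied  { open } for  pid=2359 comm="httpd" path="/var/www/html/index.html" dev="sda1" ino=1317685 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1378974300.100:470): avc:  denied  { read } for  pid=2400 comm="sshd" path="/etc/example.conf" dev="sda1" ino=42 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1378974301.200:471): avc:  denied  { search } for  pid=2359 comm="httpd" path="/root" dev="sda1" ino=7 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
EOF
}

# Read audit records on stdin; print "path<TAB>label type" for every denied
# access to a regular file by a process running in SELinux domain $1.
# Limitation: auditd hex-encodes paths containing spaces; those are skipped.
denied_files() {
    awk -v dom="$1" '
    /avc:/ && /denied/ {
        path = ""; src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^path="/)    { path = $i; sub(/^path="/, "", path); sub(/"$/, "", path) }
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }   # process domain
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }   # file label type
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        if (src == dom && cls == "file" && path != "") print path "\t" tgt
    }' | sort -u
}

# On a real host:  denied_files httpd_t < /var/log/audit/audit.log
# then preview the fix without changing anything:  restorecon -n -v <path>
sample_avc | denied_files httpd_t
```

A file under /var/www/html reported with a type such as admin_home_t is the moved-file case described above; restorecon -n -v on that path shows the relabel it would perform before you run it for real.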