cmp-docs/docs/linux/selinux.md

SELinux

Nginx and other

# Allow open local port
semanage port -a -t http_port_t -p tcp 28081
# or
semanage port -a -t openvpn_port_t -p tcp 2222
semanage port -a -t openvpn_port_t -p udp 2222
# or
semanage port -a -t dns_port_t -p tcp 5353
semanage port -a -t dns_port_t -p udp 5353


# Allow open remote port
setsebool -P httpd_can_network_connect 1


# Allow open file in dir
chcon -R -t httpd_sys_content_t dir

# Set file context
semanage fcontext -a -t bin_t '/usr/bin/ssh'
restorecon -v /usr/bin/ssh

# View all modificates
semanage -o

# View fs modificates
semanage fcontext --list -C

# View port modificates
semanage port --list -C