# SELinux
## Nginx and other services
```
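# Allow a service to listen on a non-default local port by giving the port
# the type its domain may bind. `-a` fails if the port already has a type
# (use `-m` to modify it); label only the ports the service really needs.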
semanage port -a -t http_port_t -p tcp 28081
# or: OpenVPN listening on port 2222 (TCP and UDP)
semanage port -a -t openvpn_port_t -p tcp 2222
semanage port -a -t openvpn_port_t -p udp 2222
# or: a DNS server listening on port 5353 (TCP and UDP)
semanage port -a -t dns_port_t -p tcp 5353
semanage port -a -t dns_port_t -p udp 5353
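# Allow outgoing connections to remote ports (e.g. nginx as a reverse proxy).
# This boolean lets every httpd_t process connect to any TCP port, and -P
# makes it survive reboots, so enable it only when the service needs it.
# For plain proxying, check whether the narrower httpd_can_network_relay
# boolean is enough (see `semanage boolean -l`).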
setsebool -P httpd_can_network_connect 1
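# Allow the web server to read the files in dir.
# chcon labels are not recorded in the policy and are lost on the next
# restorecon or full relabel. For a permanent label, add a
# `semanage fcontext` rule for the directory and apply it with restorecon,
# as in the block below.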
chcon -R -t httpd_sys_content_t dir
```
```
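# Set a persistent file context: `semanage fcontext` records the rule in the
# local policy, restorecon applies it to the file.
# NOTE: this replaces the label the distribution policy assigns to
# /usr/bin/ssh, so rules tied to the original label stop applying to it;
# confirm that is intended.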
semanage fcontext -a -t bin_t '/usr/bin/ssh'
restorecon -v /usr/bin/ssh
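# View all local modifications. `-o` expects an output file argument
# (`-` for stdout); newer releases provide `semanage export` for this.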
semanage -o
# View local file-context modifications
semanage fcontext --list -C
# View local port modifications
semanage port --list -C
```