informatique:linux:selinux
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| informatique:linux:selinux [2010/10/14 09:14] – pteu | informatique:linux:selinux [2013/10/14 20:44] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 66: | Line 66: | ||
| restorecon -v < | restorecon -v < | ||
| </ | </ | ||
| + | |||
| + | Les contextes **public_content_t** et **public_content_rw_t** servent pour les fichiers qui doivent être accessibles depuis plusieurs services, respectivement en lecture seule ou écriture. | ||
| Les booléens déterminent si certaines règles s' | Les booléens déterminent si certaines règles s' | ||
| <code bash> | <code bash> | ||
| getsebool -a | grep http | getsebool -a | grep http | ||
| + | allow_httpd_anon_write --> off | ||
| + | allow_httpd_bugzilla_script_anon_write --> off | ||
| + | allow_httpd_cvs_script_anon_write --> off | ||
| + | allow_httpd_mod_auth_pam --> off | ||
| + | allow_httpd_nagios_script_anon_write --> off | ||
| + | allow_httpd_prewikka_script_anon_write --> off | ||
| + | allow_httpd_squid_script_anon_write --> off | ||
| + | allow_httpd_sys_script_anon_write --> off | ||
| + | httpd_builtin_scripting --> on | ||
| + | httpd_can_network_connect --> off | ||
| + | httpd_can_network_connect_db --> off | ||
| + | httpd_can_network_relay --> off | ||
| + | httpd_can_sendmail --> on | ||
| + | httpd_disable_trans --> off | ||
| + | httpd_enable_cgi --> on | ||
| + | httpd_enable_ftp_server --> off | ||
| + | httpd_enable_homedirs --> on | ||
| + | httpd_rotatelogs_disable_trans --> off | ||
| + | httpd_ssi_exec --> off | ||
| + | httpd_suexec_disable_trans --> off | ||
| + | httpd_tty_comm --> on | ||
| + | httpd_unified --> on | ||
| + | httpd_use_cifs --> off | ||
| + | httpd_use_nfs --> off | ||
| </ | </ | ||
| Line 75: | Line 101: | ||
| <code bash> | <code bash> | ||
| setsebool -P httpd_enable_cgi 0 | setsebool -P httpd_enable_cgi 0 | ||
| + | </ | ||
| + | De la doc... | ||
| + | <code bash> | ||
| man httpd_selinux | man httpd_selinux | ||
| man -k selinux | man -k selinux | ||
informatique/linux/selinux.txt · Last modified: 2013/10/14 20:44 by 127.0.0.1