What is restorecon used for?
Use the restorecon command to set file security contexts. This command is primarily used to set the security context (extended attributes) on one or more files.
What is the restorecon command?
Using the restorecon command is the most popular and preferred way of modifying the SELinux context of a file or directory. As is visible from the name of the restorecon command, it is used to restore the default context of a file or directory by reading the default rules set in the SELinux policy.
What is SELinux restorecon?
This manual page describes the restorecon program. This program is primarily used to set the security context (extended attributes) on one or more files. It can be run at any time to correct errors, to add support for new policy, or with the -n option it can just check whether the file contexts are all as you expect.
What is httpd_sys_content_t?
httpd_sys_content_t. Use this type for static web content, such as .html files used by a static website. Files labeled with this type are accessible (read only) to httpd and scripts executed by httpd. By default, files and directories labeled with this type cannot be written to or modified by httpd or other processes …
What is SELinux and how does it work?
SELinux defines access controls for the applications, processes, and files on a system. When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects.
Where are SELinux contexts stored?
The SELinux file contexts are stored in the “root” directory. To access this directory, you must have root user privileges.
What is getsebool in Linux?
getsebool reports whether a particular SELinux boolean or all SELinux booleans are on or off. In certain situations a boolean can be in one state with a pending change to the other state. getsebool will report this as a pending change.
What is httpd_unified?
httpd_unified basically tells SELinux to allow Apache processes to treat all Apache content with the same rules. In RHEL7 we feel users are familiar enough with SELinux to disable the httpd_unified boolean by default. With the boolean on, Apache processes can read/write/execute all httpd_sys_content* labels.
What is object_r?
object_r is just a placeholder. For all SELinux systems other than some experimental systems, every object on the file system gets labeled object_r. The last field is all s0. This is the MCS or MLS label depending on your policy.
Why do we use SELinux?
Security-Enhanced Linux (SELinux) is a security architecture for Linux® systems that allows administrators to have more control over who can access the system. It was originally developed by the United States National Security Agency (NSA) as a series of patches to the Linux kernel using Linux Security Modules (LSM).
How does restorecon change the security context of a file object?
If a file object does not have a context, restorecon will write the default context to the file object’s extended attributes. If a file object has a context, restorecon will only modify the type portion of the security context. The -F option will force a replacement of the entire context.
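The relabeling rule described above, modeled as an added Python example (not restorecon's own code and not from the original page). The names Context and relabel are hypothetical, the context strings are constructed samples, and four-field user:role:type:level contexts are assumed.

```python
from typing import NamedTuple, Optional


class Context(NamedTuple):
    """One SELinux security context, split into its four fields."""
    user: str
    role: str
    type: str
    level: str

    @classmethod
    def parse(cls, text: str) -> "Context":
        # The MLS/MCS level may itself contain colons (e.g. "s0:c1,c2"),
        # so split at most three times and keep the remainder as the level.
        parts = text.split(":", 3)
        if len(parts) != 4 or not all(parts):
            raise ValueError(f"not a user:role:type:level context: {text!r}")
        return cls(*parts)

    def __str__(self) -> str:
        return ":".join(self)


def relabel(current: Optional[str], default: str, force: bool = False) -> str:
    """Return the context a file object ends up with after relabeling.

    current -- the context already on the file, or None if it has none
    default -- the default context the policy assigns to this path
    force   -- models the -F option (replace the entire context)
    """
    want = Context.parse(default)
    if current is None or force:
        # No existing label, or -F given: the whole default context is written.
        return str(want)
    # Existing label without -F: only the type portion is changed.
    have = Context.parse(current)
    return str(have._replace(type=want.type))


if __name__ == "__main__":
    # Constructed sample: a file moved from a home directory into a web root.
    default = "system_u:object_r:httpd_sys_content_t:s0"
    moved = "unconfined_u:object_r:user_home_t:s0:c1,c2"
    print("no context :", relabel(None, default))
    print("type only  :", relabel(moved, default))
    print("with -F    :", relabel(moved, default, force=True))
```

On a live system, restorecon run with -n performs the same comparison against the real policy without changing anything.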
What is the difference between restorecon and infilename?
infilename contains a list of files to be processed by the application.