Results 1 to 3 of 3
Thread: selinux: domains and types
Enjoy an ad free experience by logging in. Not a member yet? Register.
selinux: domains and types
If I was to examine a file under the /var/www/html directory I would see something like
$ ls -Z /var/www/html/index.html -rw-r--r-- username username system_u:object_r:httpd_sys_content_t /var/www/html/index.html
$ ps axZ | grep httpd system_u:system_r:httpd_t 3234 ? Ss 0:00 /usr/sbin/httpd
- Join Date
- Apr 2012
- Virginia, USA
This is the behind the scenes stuff of SELinux.
You have a confined process, httpd. httpd can only access files that have specific contexts such has httpd_sys_content_t.
Policy modules define which processes are confined, and which file contexts they can access.
The most pressing question is, how do I know what's already configured? On RHEL and related distros, you can check out the targeted service man pages:
man -k '_selinux'
Here are some links to some information:
Red Hat Magazine | A step-by-step guide to building a new SELinux policy*module
HowTos/SELinux - CentOS Wiki