[root@centos ~]# seinfo -b
Conditional Booleans: 187
allow_domain_fd_use
allow_ftpd_full_access
allow_sysadm_exec_content
allow_user_exec_content
allow_zebra_write_config
cdrecord_read_content
fcron_crond
httpd_manage_ipa
httpd_use_openstack
mmap_low_allowed
samba_share_fusefs
sepgsql_enable_users_ddl
abrt_handle_event
allow_ftpd_use_cifs
allow_httpd_mod_auth_pam
allow_Java_execstack
cron_can_relabel
.......
Check whether a rule (boolean) is turned on:
[root@centos ~]# getsebool httpd_enable_homedirs
httpd_enable_homedirs --> off
Turn a rule on:
[root@centos ~]# setsebool -P httpd_enable_homedirs=1
[root@centos ~]# getsebool httpd_enable_homedirs
httpd_enable_homedirs --> on
View the details of a rule (that is, the rules that allow or deny a process's security context type access to a filesystem object's security context type):
[root@centos ~]# sesearch -b httpd_enable_homedirs --all
ERROR: Cannot get avrules: Neverallow rules requested but not available
Found 46 semantic av rules:
allow httpd_sys_script_t home_root_t : dir { getattr search open } ;
allow httpd_sys_script_t home_root_t : lnk_file { read getattr } ;
allow httpd_suexec_t user_home_dir_t : dir { getattr search open } ;
allow httpd_suexec_t user_home_dir_t : lnk_file { read getattr } ;
allow httpd_suexec_t autofs_t : dir { ioctl read getattr lock search open } ;
allow httpd_suexec_t cifs_t : file { ioctl read getattr lock execute execute_no_trans open } ;
allow httpd_suexec_t cifs_t : dir { ioctl read getattr lock search open } ;
allow httpd_suexec_t cifs_t : lnk_file { read getattr } ;
allow httpd_suexec_t nfs_t : file { ioctl read getattr lock execute execute_no_trans open } ;
allow httpd_suexec_t nfs_t : dir { ioctl read getattr lock search open } ;
allow httpd_suexec_t nfs_t : lnk_file { read getattr } ;
allow httpd_t user_home_t : file { ioctl read getattr lock open } ;
.............
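Before turning a boolean on with `setsebool -P` (the `-P` makes it persistent), it helps to know exactly which domains gain write or execute access to which types. The script below is an added example, not part of the original post: it parses the `sesearch -b <boolean> --all` output format shown above; the embedded sample is constructed from the rules on this page so it runs offline, and the permission list it treats as sensitive is an assumption you may want to widen.

```shell
#!/bin/sh
# Added example (not from the original post): summarize what an SELinux boolean
# would permit by parsing `sesearch -b <boolean> --all` output.
# SAMPLE_RULES is constructed from the rules shown on this page; on a real host
# use:  sesearch -b httpd_enable_homedirs --all | sensitive_rules
SAMPLE_RULES='ERROR: Cannot get avrules: Neverallow rules requested but not available
Found 5 semantic av rules:
allow httpd_sys_script_t home_root_t : dir { getattr search open } ;
allow httpd_suexec_t cifs_t : file { ioctl read getattr lock execute execute_no_trans open } ;
allow httpd_suexec_t nfs_t : file { ioctl read getattr lock execute execute_no_trans open } ;
allow httpd_t user_home_t : file { ioctl read getattr lock open } ;
allow httpd_t user_home_t : dir { ioctl read getattr lock search open } ;'

# rules_summary: read sesearch output on stdin and emit one tab-separated line
# per allow rule:  source  target  class  perms   (ERROR/Found lines are skipped)
rules_summary() {
    awk '
        $1 == "allow" {
            # line shape: allow SRC TGT : CLASS { perm perm ... } ;
            src = $2; tgt = $3; cls = $5; perms = ""
            for (i = 7; i <= NF && $i != "}"; i++)
                perms = perms (perms == "" ? "" : " ") $i
            printf "%s\t%s\t%s\t%s\n", src, tgt, cls, perms
        }'
}

# sensitive_rules: keep only rules that grant permissions able to change data
# or run code (assumed list; read-only access such as getattr/read is dropped)
sensitive_rules() {
    rules_summary |
        awk -F'\t' '$4 ~ /(^| )(write|append|create|unlink|execute|execute_no_trans|entrypoint)( |$)/'
}

# count_sensitive: how many such rules the boolean enables (a simple review gate)
count_sensitive() {
    printf '%s\n' "$SAMPLE_RULES" | sensitive_rules | wc -l | tr -d ' '
}

# source_domains: distinct subject domains whose access the boolean widens
source_domains() {
    printf '%s\n' "$SAMPLE_RULES" | rules_summary | cut -f1 | sort -u
}
```

With the sample, only the two `httpd_suexec_t` rules on `cifs_t`/`nfs_t` files are flagged, because they add `execute`; the `httpd_t` access to `user_home_t` is read-only.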
SELinux ships with many default settings for the filesystem; you can use semanage to view the default security context of every directory on the system: