Research on SELinux
Author: Anonymous
Source: Linux系统
Published: 2012-07-04
l -P squid_disable_trans 1;service squid restart
ftp:

    setsebool -P ftpd_home_dir 1; service vsftpd restart
    setsebool -P ftpd_disable_trans 1

SELinux policy is customizable based on least access required. So by default SELinux policy does not allow NFS to share files.

If you want to set up this machine to share NFS partitions read-only, you must set the nfs_export_all_ro boolean.

    setsebool -P nfs_export_all_ro 1

If you want to share files read/write, you must set the nfs_export_all_rw boolean.

    setsebool -P nfs_export_all_rw 1

If you want to use a remote NFS server for the home directories on this machine, you must set the use_nfs_home_dirs boolean.

    setsebool -P use_nfs_home_dirs 1

samba_selinux(8)    Samba Selinux Policy documentation    samba_selinux(8)

NAME

samba_selinux - Security Enhanced Linux Policy for Samba

DESCRIPTION

Security-Enhanced Linux secures the Samba server via flexible mandatory access control.

FILE_CONTEXTS

SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files (in other words, policy decides whether access to a given file is granted). If you want to share files other than home directories, those files must be labeled samba_share_t. So if you created a special directory /var/eng, you would need to label the directory with the chcon tool.

    chcon -t samba_share_t /var/eng

If you want to make this permanent, i.e. survive a relabel, you must add an entry to the file_contexts.local file.

    /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local

    /var/eng(/.*)? system_u:object_r:samba_share_t

SHARING FILES

If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These contexts allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean, allow_DOMAIN_anon_write. So for samba you would execute:

    setsebool -P allow_smbd_anon_write=1

BOOLEANS

SELinux policy is customizable based on least access required. So by default SELinux policy turns off SELinux sharing of home directories and the use of Samba shares from a remote machine as a home dir
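The `/var/eng(/.*)?` entry for file_contexts.local covers the directory and everything beneath it, but not sibling paths such as /var/engineering, which is worth checking before relying on a relabel. The following is an added example, not part of the original article or the man page; `fc_type_for`, `sample_file_contexts` and the sample paths are hypothetical, and it assumes every pattern is anchored at both ends and that the last matching line wins.

```shell
#!/bin/sh
# Added example (not from the article or the man page).
# Simplified model of a file_contexts.local lookup: every pattern is anchored
# at both ends, and the last matching line wins (assumption; the full
# libselinux ordering rules are not modelled).

# fc_type_for PATH FILE
# Prints the SELinux type that FILE assigns to PATH; returns 1 if no entry matches.
fc_type_for() {
    awk -v p="$1" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        p ~ ("^(" $1 ")$") {                    # $1 is the path regex
            split($NF, ctx, ":")                # $NF is user:role:type[:level]
            type = ctx[3]
        }
        END { if (type == "") exit 1; print type }
    ' "$2"
}

# Constructed sample input: the /var/eng entry quoted in the text.
sample_file_contexts() {
    cat <<'EOF'
# local customizations (constructed sample)
/var/eng(/.*)?    system_u:object_r:samba_share_t
EOF
}

# Demo on constructed paths: which of them would a relabel leave as samba_share_t?
demo_file=$(mktemp)
sample_file_contexts > "$demo_file"
for demo_path in /var/eng /var/eng/docs/plan.txt /var/engineering /srv/var/eng; do
    printf '%-24s %s\n' "$demo_path" \
        "$(fc_type_for "$demo_path" "$demo_file" || echo '(no local entry)')"
done
rm -f "$demo_file"
```

A path reported as having no local entry keeps a chcon label only until the next relabel.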