About SELinux

From cslt Wiki

Sometimes configuring a service on Linux (CentOS) fails.

The reason may be as follows:

firewall

2 examples:

  • allow remote access to mysql database.
 1) firewall-cmd --add-service=mysql --permanent (the firewall should accept port 3306)
 2) firewall-cmd --reload
 3) iptables -L -n | grep 3306
  • allow httpd service.
 1) firewall-cmd --add-service=http --permanent (the firewall should accept port 80)
 2) firewall-cmd --reload
 3) iptables -L -n | grep 80


semanage - SELinux Policy Management tool

This command is introduced here because several services need to obtain permission from SELinux.

2 examples:

  • change mysql datadir.
 1) semanage fcontext -a -s system_u -t mysqld_db_t "/var/data/mysql(/.*)?" (/var/data/mysql is the datadir you want to use)
 2) restorecon -Rv /var/data/mysql
  • grant www/apache access to read files in a directory.
 1) semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html(/.*)?'
 2) restorecon -R /var/www/html
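
To confirm that a failure really comes from SELinux, and to see which label the service is missing, the AVC denials in the audit log can be summarised. This is an added example, not part of the original wiki page; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): summarise SELinux AVC denials.
# Reads audit-log text on stdin; prints one line per unique denial:
#   <count> <comm> <source type> -> <target type> <class> {<perms>}

avc_summary() {
    awk '
    /avc:/ && /denied/ {
        a = index($0, "{"); b = index($0, "}")
        if (a == 0 || b < a + 3) next
        perms = substr($0, a + 2, b - a - 3)   # text between "{ " and " }"
        gsub(/ /, ",", perms)
        comm = st = tt = cls = "?"
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") < 2) continue
            if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
            if (kv[1] == "tclass")   cls = kv[2]
            if (kv[1] == "scontext") { split(kv[2], c, ":"); st = c[3] }
            if (kv[1] == "tcontext") { split(kv[2], c, ":"); tt = c[3] }
        }
        key = comm " " st " -> " tt " " cls " {" perms "}"
        if (!(key in seen)) order[++k] = key
        seen[key]++
    }
    END { for (j = 1; j <= k; j++) print seen[order[j]], order[j] }
    '
}

# Constructed sample input: mysqld touching an unlabelled datadir (var_t),
# httpd writing to read-only web content, and one non-AVC record.
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read write } for  pid=2101 comm="mysqld" name="ibdata1" dev="dm-0" ino=1311 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=no exit=-13 comm="mysqld" exe="/usr/libexec/mysqld"
type=AVC msg=audit(1700000007.442:219): avc:  denied  { read write } for  pid=2188 comm="mysqld" name="ibdata1" dev="dm-0" ino=1311 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000050.310:305): avc:  denied  { write } for  pid=3302 comm="httpd" name="uploads" dev="dm-0" ino=2207 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
EOF
}

# On a live host (run as root):  ausearch -m avc -ts recent | avc_summary
```

A target type of var_t for mysqld is the missing mysqld_db_t label from the datadir example above; a denied write on httpd_sys_content_t is the case where httpd_sys_rw_content_t is needed, since httpd_sys_content_t is read-only for httpd.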