“About SELinux”版本间的差异
来自cslt Wiki
| 第1行: | 第1行: | ||
| + | Sometimes you may failed when you configure services on linux(centos) | ||
| + | |||
| + | The reason may be as follows: | ||
| + | |||
| + | firewall | ||
| + | |||
| + | 2 examples: | ||
| + | * allow remote access to mysql database. | ||
| + | 1) firewall-cmd --add-service=mysql --permanent (firewall should accept 3306 port) | ||
| + | 2) firewall-cmd --reload | ||
| + | 3) iptables -L -n | grep 3306 | ||
| + | * allow httpd service. | ||
| + | 1) firewall-cmd --add-service=httpd --permanent (firewall should accept 80 port) | ||
| + | 2) firewall-cmd --reload | ||
| + | 3) iptables -L -n | grep 80 | ||
| + | |||
| + | |||
semanage - SELinux Policy Management tool | semanage - SELinux Policy Management tool | ||
2016年11月3日 (四) 04:13的最后版本
Sometimes you may failed when you configure services on linux(centos)
The reason may be as follows:
firewall
2 examples:
- allow remote access to mysql database.
1) firewall-cmd --add-service=mysql --permanent (firewall should accept 3306 port) 2) firewall-cmd --reload 3) iptables -L -n | grep 3306
- allow httpd service.
1) firewall-cmd --add-service=httpd --permanent (firewall should accept 80 port) 2) firewall-cmd --reload 3) iptables -L -n | grep 80
semanage - SELinux Policy Management tool
I introduce this command because several service need obtain the permission of SElinux.
2 example:
- change mysql datadir.
1) semanage fcontext -a -s system_u -t mysqld_db_t "/var/data/mysql(/.*)?" (/var/data/mysql is the datadir you want use) 2) restorecon -Rv /var/data/mysql
- grant www/apache to read files in a directory.
1) semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html(/.*)?' 2) restorecon -R /var/www/html
