1. selinux port

(1) show selinux port configuration

    # semanage port -l | grep http
    http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
    http_cache_port_t              udp      3130
    http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t            tcp      5988
    pegasus_https_port_t           tcp      5989

(2) add selinux port configuration

    # semanage port -a -t http_port_t -p tcp 82

2. selinux fcontext

(1) show file fcontext

    # ls -lZ
    total 12
    -rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 14 Feb 10 09:56 file1
    -rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 14 Feb 10 09:57 file2
    -rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 14 Feb 10 09:57 file3

(2) show the selinux fcontext configuration

    # semanage fcontext -l | grep /var/www/html/file
    /var/www/html/file1    all files    system_u:object_r:httpd_sys_content_t:s0
    /var/www/html/file2    all files    system_u:object_r:httpd_sys_content_t:s0
    /var/www/html/file3    all files    system_u:object_r:httpd_sys_content_t:s0

(3) edit the selinux fcontext configuration

    semanage fcontext -a -t httpd_sys_content_t /var/www/html/file2
    semanage fcontext -m -t httpd_sys_content_t /var/www/html/file2
    semanage fcontext -d -t httpd_sys_content_t /var/www/html/file2

-a: add the selinux fcontext configuration
-m: modify the selinux fcontext configuration
-d: delete the selinux fcontext configuration

(4) restore the file fcontext to the selinux fcontext configuration

    # restorecon -v /var/www/html/file1
    Relabeled /var/www/html/file1 from unconfined_u:object_r:default_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0

(5) change file fcontext without selinux fcontext configuration

chcon can change the file fcontext directly, but it does not change the selinux fcontext configuration, so a later restorecon resets the file to the configured type.

    chcon -t abc /var/www/html/file2
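
The difference between the on-disk label (`ls -lZ`) and the configured label (`semanage fcontext -l`) is what `restorecon` corrects and what `chcon` can introduce. The script below is an added example, not part of the original page: it compares the two outputs and lists files whose type has drifted. The helper name `label_drift` is hypothetical, the sample data is constructed from the outputs shown above, and it assumes literal-path fcontext entries and file names without spaces.

```shell
#!/bin/sh
# Added example: report files whose on-disk SELinux type differs from the
# configured fcontext entry. Sample data is constructed from this page's output.

DIR=/var/www/html

# Constructed sample: `ls -lZ` output for $DIR
LS_Z='total 12
-rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 14 Feb 10 09:56 file1
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 14 Feb 10 09:57 file2
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 14 Feb 10 09:57 file3'

# Constructed sample: `semanage fcontext -l | grep /var/www/html/file` output
FCONTEXT='/var/www/html/file1 all files system_u:object_r:httpd_sys_content_t:s0
/var/www/html/file2 all files system_u:object_r:httpd_sys_content_t:s0
/var/www/html/file3 all files system_u:object_r:httpd_sys_content_t:s0'

# label_drift DIR LS_OUTPUT FCONTEXT_OUTPUT  (hypothetical helper)
# Prints "path actual_type configured_type" for each mismatch.
# Assumptions: fcontext entries are literal paths (real entries are often
# regexes) and file names contain no spaces. Only the type field is compared:
# in the restorecon output on this page the type changes while unconfined_u stays.
label_drift() {
    printf '%s\n---\n%s\n' "$3" "$2" | awk -v dir="$1" '
        $0 == "---" { in_ls = 1; next }      # separator: ls output follows
        !in_ls {
            # fcontext line: path is field 1, context is the last field
            if ($NF ~ /:/) { split($NF, c, ":"); configured[$1] = c[3] }
            next
        }
        NF >= 9 && $5 ~ /:/ {
            # ls -lZ line: context is field 5, file name is the last field
            split($5, c, ":"); path = dir "/" $NF
            if ((path in configured) && c[3] != configured[path])
                print path, c[3], configured[path]
        }'
}

# file1 is the one restorecon relabels in section (4)
label_drift "$DIR" "$LS_Z" "$FCONTEXT"
```

On a live system, `restorecon -n -v` reports the same mismatches against the loaded policy without changing any labels.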