sestatus
getenforce
setenforce 0 ※Permissiveに切り替え setenforce 1 ※Enforcingに切り替え
chcon
semanage port --list semanage fcontext --list semanage interface --list
semanage fcontext -a -t httpd_sys_content_t "/var/www(/.*)?" semanage port -a -t PORT_TYPE -p tcp 8888
yum install settools-console dnf install settools-console
sesearch -A -C -s httpd_t -t httpd_sys_content_t -c file sesearch --allow --show_cnd --source httpd_t --target httpd_sys_content_t --class file
SELINUX=enforcing SELINUX=permissive SELINUX=disabled ※無効
/etc/selinux/targeted/policy/policy.33
/etc/selinux/targeted/context/files/file_contexts*
ps -Z ps -eZ | grep httpd ps -M ps x --context
ls -Z ls -lZ ls --context
ausearch -m AVC ausearch -m AVC | grep denied ausearch -m AVC_USER