Does Tar preserve SELinux context?
tar command syntax –selinux – Save the SELinux context to the archive called file. tar. –xattrs – Save the user/root xattrs to the archive called file. tar Please that it archive all extended attributes, including SELinux and ACLs.
What SELinux Boolean would you set to allow this?
# semanage boolean -l SELinux boolean State Default Description privoxy_connect_any (on , on) Allow privoxy to connect any smartmon_3ware (off , off) Allow smartmon to 3ware mpd_enable_homedirs (off , off) Allow mpd to enable homedirs xdm_sysadm_login (off , off) Allow xdm to sysadm login xen_use_nfs (off , off) Allow …
How does the chcon command change the SELinux context?
The chcon command changes the SELinux context for files. However, changes made with the chcon command do not survive a file system relabel, or the execution of the restorecon command. SELinux policy controls whether users are able to modify the SELinux context for any given file.
What do you need to know about SELinux contexts?
SELinux Contexts for Processes 3.3. SELinux Contexts for Users 4. Targeted Policy 4.1. Confined Processes 4.2. Unconfined Processes 4.3. Confined and Unconfined Users 5. Working with SELinux 5.1. SELinux Packages 5.2. Which Log File is Used 5.3. Main Configuration File 5.4. Permanent Changes in SELinux States and Modes 5.4.1. Enabling SELinux
How does the execute permission work in SELinux?
As we have seen before, SELinux has a very fine-grained set of permissions that it can control. The execute permission on files is one of them. If a domain does not have execute permission on the file, then it will not be able to execute that file.
How is SELinux used in a DAC system?
This information is used to make access control decisions. On DAC systems, access is controlled based on Linux user and group IDs. SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first. By default, newly-created files and directories inherit the SELinux type of their parent directories.