查找已修改的 selinux 布尔值

Question 1

您可以使用以下命令获取本地修改的布尔值列表：

semanage boolean --list -C

来自 semanage 手册页：

   -l, --list
          List the OBJECTS

   -C, --locallist
          List only locally defined settings, not base policy settings.

Answer

您可以使用以下命令获取本地修改的布尔值列表：

semanage boolean --list -C

来自 semanage 手册页：

   -l, --list
          List the OBJECTS

   -C, --locallist
          List only locally defined settings, not base policy settings.

Question 2

如果比较布尔值的默认值，您就会发现它是否已发生改变。

semanage boolean -l | grep http
SELinux boolean                State  Default Description

httpd_can_network_relay        (off  ,  off)  Allow httpd to act as a relay
httpd_can_network_connect_db   (off  ,  off)  Allow HTTPD scripts and modules to connect to databases over the network.
httpd_use_gpg                  (off  ,  off)  Allow httpd to run gpg in gpg-web domain
httpd_dbus_sssd                (off  ,  off)  Allow Apache to communicate with sssd service via dbus

Answer

如果比较布尔值的默认值，您就会发现它是否已发生改变。

semanage boolean -l | grep http
SELinux boolean                State  Default Description

httpd_can_network_relay        (off  ,  off)  Allow httpd to act as a relay
httpd_can_network_connect_db   (off  ,  off)  Allow HTTPD scripts and modules to connect to databases over the network.
httpd_use_gpg                  (off  ,  off)  Allow httpd to run gpg in gpg-web domain
httpd_dbus_sssd                (off  ,  off)  Allow Apache to communicate with sssd service via dbus

查找已修改的 selinux 布尔值

答案1

答案2

相关内容