LinuxQuestions.org
Old 11-11-2010, 08:40 AM   #1
Toomas
LQ Newbie
 
Registered: Oct 2010
Location: Tallinn
Distribution: CentOS 5.5
Posts: 18

Rep: Reputation: 1
SELinux: how to list all Type Enforcement contexts that exist on the system?


A quote from RHCE exam prep book by A. Ghori:

Quote:
Allow only BIND daemon to be able to read named.conf by altering the SELinux file context to named_conf_t ...:
Code:
chcon -t named_conf_t named.conf
That all being well and good, what if I forget it is named_conf_t and find myself guessing, what on Earth this parameter should be? named_t? Or something else?

Is there some kind of shell prompt utility (similar to getsebool -a for SELinux booleans) to list all possible type enforcement parameters?

I'm just getting to grips with the whole idea of SELinux and chances are I might use the terminology inappropriately. Sorry, if that be the case.
 
Old 11-11-2010, 11:08 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565
Quote:
Originally Posted by Toomas
list all possible type enforcement parameters?
Try 'seinfo -t' to see all security contexts and 'matchpathcon /etc/named.conf' to query the default security context.
 
1 members found this post helpful.
Old 06-29-2011, 02:38 PM   #3
saifelyzal
LQ Newbie
 
Registered: Jun 2011
Distribution: Redhat
Posts: 28

Rep: Reputation: Disabled
you can try
#seinfo -t | grep named
 
Old 06-29-2011, 02:49 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565
Quote:
Originally Posted by saifelyzal
you can try
#seinfo -t | grep named
In the wrong-tool-for-the-right-job category, yes, you can, but if you had compared the output of both you'd have seen 'seinfo -t|grep' returns 10 contexts without context. So unless you know SELinux intimately you might have chosen a seemingly OK context like, say, "named_t" instead of the required "named_conf_t"...
 
Old 06-30-2011, 01:10 AM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,569

Rep: Reputation: 2426
Code:
semanage fcontext -l|grep named
?
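
An added example, not part of any post in this thread: it reads a listing shaped like `semanage fcontext -l | grep named` and resolves a path to its default type, next to the bare type names a `seinfo -t | grep` style search gives. The sample listing is constructed, the function names are hypothetical, and the longest-regex-wins rule is a simplification; `matchpathcon` gives the authoritative answer on a real host.

```shell
#!/bin/sh
# FCONTEXT_SAMPLE is constructed data laid out like the output of
# `semanage fcontext -l | grep named`: path regex, file class, context.
# On a real host, pipe the live command output into the functions instead.
FCONTEXT_SAMPLE='/etc/named\.conf          regular file   system_u:object_r:named_conf_t:s0
/etc/rndc\.key            regular file   system_u:object_r:dnssec_t:s0
/usr/sbin/named           regular file   system_u:object_r:named_exec_t:s0
/var/named(/.*)?          all files      system_u:object_r:named_zone_t:s0
/var/named/data(/.*)?     all files      system_u:object_r:named_cache_t:s0'

# type_for_path PATH: read fcontext lines on stdin, print the type of the
# entry whose regex matches PATH, exit 1 if nothing matches.
# Simplification (assumption of this example): if several entries match,
# the longest regex wins; matchpathcon applies the real precedence rules.
type_for_path() {
    awk -v path="$1" '
        BEGIN { best = 0 }
        NF >= 3 {
            re = "^(" $1 ")$"              # file-context regexes match the whole path
            n = split($NF, ctx, ":")       # user:role:type:level
            if (n < 3 || path !~ re) next  # skip header lines and non-matches
            if (length($1) > best) { best = length($1); type = ctx[3] }
        }
        END { if (type == "") exit 1; print type }
    '
}

# types_named SUBSTR: the bare type names containing SUBSTR, which is all a
# `seinfo -t | grep SUBSTR` search shows: no path, so no hint which to pick.
types_named() {
    awk -v s="$1" '{ n = split($NF, c, ":")
                     if (n >= 3 && index(c[3], s)) print c[3] }' | sort -u
}

echo "types containing 'named' (no path information):"
printf '%s\n' "$FCONTEXT_SAMPLE" | types_named named

for p in /etc/named.conf /var/named/example.zone /var/named/data/named.run; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$FCONTEXT_SAMPLE" | type_for_path "$p")"
done
```
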
 
  


All times are GMT -5. The time now is 01:44 AM.