man semanage-fcontext
除了fcontext
还有端口也要开通,比如
semanage port -a -t http_port_t -p tcp 8309
方法1:chcon -R -t httpd_sys_rw_content_t /var/www/qin/
方法2:chcon --reference=/etc /local -R
方法3(推荐,写到系统内核):
EXAMPLE
remember to run restorecon after you set the file context
Add file-context for everything under /web
# semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
# restorecon -R -v /web
Substitute /home1 with /home when setting file context
# semanage fcontext -a -e /home /home1
# restorecon -R -v /home1
For home directories under top level directory, for example /disk6/home,
execute the following commands.
# semanage fcontext -a -t home_root_t "/disk6"
# semanage fcontext -a -e /home /disk6/home
# restorecon -R -v /disk6
布尔值
getsebool -a
setsebool samba_export_all_rw on #临时打开
setsebool -P samba_export_all_rw on #永久打开
两个selinux排查方法(参考,无法百分百准确)
sealert -b
audit2allow < /var/log/audit/audit.log