RHCSA RHEL 8 - Use boolean settings to modify system SELinux settings
This video is based on RHEL 8.
This video covers the section 'Use boolean settings to modify system SELinux settings' for the RHCSA (Red Hat Certified System Administrator).
Notes from the video:
SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.
When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects.
If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied.
SELinux has a large number of contexts already defined; for example, the type context is already defined for processes such as ssh.
Booleans within SELinux allow us to turn common rules within the policy on and off.
To list all the available booleans:
# getsebool -a
You can filter using grep or the like.
# getsebool -a | grep virtualbox
Also, if you have setroubleshoot-server installed, you can use:
# semanage boolean -l
Note: if the application isn’t installed, you can install it with:
# dnf install setroubleshoot-server
Finally, to set a boolean value permanently:
# setsebool -P use_virtualbox on
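A boolean changed with setsebool but without -P only lasts until the next reboot, so it is worth checking for booleans whose running value differs from the stored one. The script below is an added example, not part of the video notes: the function name and the sample listing are constructed, and it assumes the `(State , Default)` column layout of `semanage boolean -l`, with State being the running value and Default the stored one.

```shell
#!/usr/bin/env bash
# Added example: report SELinux booleans that were changed at runtime
# without -P, i.e. whose running value differs from the stored value.

# Constructed sample of `semanage boolean -l` output (not from a real host).
SAMPLE_OUTPUT='SELinux boolean                State  Default Description

httpd_can_network_connect      (off  ,  off)  Allow httpd to can network connect
use_virtualbox                 (on   ,  off)  Allow use to virtualbox
virt_use_nfs                   (on   ,   on)  Allow virt to use nfs'

# Reads a `semanage boolean -l` listing on stdin and prints
# "<name> runtime=<state> persistent=<state>" for every mismatch.
# Assumption: each data row carries a "(State , Default)" pair.
find_nonpersistent_booleans() {
    awk '
        # Match the "(on   ,  off)" pair; header and blank lines do not match.
        match($0, /\((on|off)[ \t]*,[ \t]*(on|off)\)/) {
            name = $1
            # Drop the surrounding parentheses, then the padding.
            pair = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/[ \t]/, "", pair)
            split(pair, s, ",")
            if (s[1] != s[2])
                printf "%s runtime=%s persistent=%s\n", name, s[1], s[2]
        }
    '
}

# On a live system: semanage boolean -l | find_nonpersistent_booleans
printf '%s\n' "$SAMPLE_OUTPUT" | find_nonpersistent_booleans
```

Any boolean it reports either needs `setsebool -P` to keep the change, or was switched on temporarily and should be reviewed before the next reboot silently reverts it.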