RHCSA RHEL 8 - Use boolean settings to modify system SELinux settings

preview_player
Показать описание
Your support on Ko-Fi is much appreciated:

Join our new discord channel:

Buy CSG Merchandise:

This video is based on RHEL 8.

Video to cover the section 'Use boolean settings to modify system SELinux settings' for the RHCSA (Red Hat Certified System Administrator).

Notes from the video:

SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.

When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects.

If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied.

SELinux had a large number of the contexts already defined, for example the type context is defined for already for processes such as ssh.

Booleans within SELINUX allow us to turn on and off common rules within the policy.

To list all the available booleans:

# getsebool -a

You can filter using grep or the like.

# getsebool -a | grep virtualbox

Also if you have setroubleshoot-server installed you can use:

# semanage boolean -l

Not if the application isn’t installed you can install it by:

# dnf install setroubleshoot-server

Finally to set a boolean value permenantly:

# setsebool -P use_virtualbox on

#rhcsa #rhel #linux #redhat
Рекомендации по теме
Комментарии
Автор

Great series. Thanks for the informative content.

robd.
Автор

First thanks for the videos.
I intend to follow your training in order to pass the RHCSA certification. Has the course been completed ?

toulouse
Автор

There is one question, apart from this topic, I saw that in RHCSA 7 there are some questions related with updating the kernel, Do you know/think that it could be included in the exam, from my point of view this topic is not included, thanks in advance for you opinion.

camilorestrepo