====== [CHEATSHEET] selinux ======

====== Binaries ======
===== Add path as binaries to allow execution =====
<code bash>
semanage fcontext -a -t bin_t '/app/bin/.*'
</code>

===== Change security context of files/folder =====
<code bash>
chcon -Rv -u system_u -t bin_t '/app/data/executable.sh'
</code>

===== List defined paths by context =====

<code bash>
 semanage fcontext --list
</code>


===== Restore Default Security Contexts =====
Over 1 file:
<code bash>
restorecon -v /var/www/html/index.html
</code>

or to recursively restore the default security contexts for the whole directory:
<code bash>
restorecon -Rv /var/www/html 
</code>

====== Networking ======


===== Allowing Access to a Port =====
<code bash>
semanage port -a -t http_port_t -p tcp 81
</code>

[[https://wiki.centos.org/HowTos/SELinux#Allowing_Access_to_a_Port|Link]]
===== List port services =====
<code bash>
semanage port -l
</code>

===== Empty =====

<code bash>

</code>