====== [CHEATSHEET] selinux ======
====== Binaries ======
===== Add path as binaries to allow execution =====
semanage fcontext -a -t bin_t '/app/bin/.*'
===== Change security context of files/folder =====
chcon -Rv -u system_u -t bin_t '/app/data/executable.sh'
===== List defined paths by context =====
semanage fcontext --list
===== Restore Default Security Contexts =====
Over 1 file:
restorecon -v /var/www/html/index.html
or to recursively restore the default security contexts for the whole directory:
restorecon -Rv /var/www/html
====== Networking ======
===== Allowing Access to a Port =====
semanage port -a -t http_port_t -p tcp 81
[[https://wiki.centos.org/HowTos/SELinux#Allowing_Access_to_a_Port|Link]]
===== List port services =====
semanage port -l
===== Empty =====