Comments on: Implementing Mandatory Access Control with SELinux or AppArmor in Linux https://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/ Tecmint - Linux Howtos, Tutorials, Guides, News, Tips and Tricks. Wed, 19 Sep 2018 05:50:18 +0000 hourly 1 By: vivek koul https://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/comment-page-1/#comment-990085 Mon, 07 May 2018 07:06:27 +0000 http://www.tecmint.com/?p=20938#comment-990085 semanage fcontext -a -t httpd_sys_content_t ‘/websrv/sites/gabriel/public_html(/.*)?’
Instead of using double quotation we have to use single quotations while changing the context of the file index.html

]]> By: Rick Rakin https://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/comment-page-1/#comment-923226 Sun, 15 Oct 2017 17:05:29 +0000 http://www.tecmint.com/?p=20938#comment-923226 Thanks for another great write-up Gabriel. There isn’t much out there on AppArmor and how it may apply to the LFCS exam and your article is a huge help. I’d like to add that as of Ubuntu 16.04, in order to run the commands aa-enforce and aa-complain, you’ll need to first install the package named apparmor-utils.

Once this package is installed, it also provides the command aa-status, which does the same thing as apparmor_status.

Thanks again!

]]> By: Nick https://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/comment-page-1/#comment-832004 Wed, 26 Oct 2016 09:45:13 +0000 http://www.tecmint.com/?p=20938#comment-832004 Very useful, thanks.

Do you also need to use restorecon to apply the policy change for the SSH example?

I’ve recently encountered an instance of SELinux blocking access to krb5.conf when trying to setup and configure Kerberos authentication (CentOS 7). At the time I wasn’t aware of SELinux, and rebooting the server had no effect on updating the newly installed packages.

I was unable to log in physically or SSH in with a Kerberos user account, but could use SU to switch to a Kerberos user account if I logged into a local account first. This all looked PAM realted.

It turned out that disabling and re-enabling SELinux updated the SELinux policy somehow, so I didn’t leave it disabled or permissive (rebooted, temporarily disabled selinux in grub by applying selinux=0 to the boot line, logged in with an account using Kerberos, then rebooted again without disabling selinux).

I’ll play again in due course with a fresh installation, and see if the commands here reveal anything interesting.

]]> By: Gabriel A. Cánepa https://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/comment-page-1/#comment-799193 Thu, 14 Jul 2016 11:58:58 +0000 http://www.tecmint.com/?p=20938#comment-799193 In reply to Anon.

@Anon,
Debian is not one of the distributions that you can choose to take the exam. In Ubuntu, you can use AppArmor.

]]> By: Anon https://www.tecmint.com/mandatory-access-control-with-selinux-or-apparmor-linux/comment-page-1/#comment-798956 Wed, 13 Jul 2016 11:46:51 +0000 http://www.tecmint.com/?p=20938#comment-798956 Show Debian/Ubuntu based distributions examples, please.

]]>