SELinux: how to list all Type Enforcement contexts that exist on the system?

Toomas · 11-11-2010, 07:40 AM

A quote from RHCE exam prep book by A. Ghori:

Quote:

Allow only BIND daemon to be able to read named.conf by altering the SELinux file context to named_conf_t ...:

Code:

chcon -t named_conf_t named.conf

That all being well and good, what if I forget it is named_conf_t and find myself guessing, what on Earth this parameter should be? named_t? Or something else?

Is there some kind of shell prompt utility (similar to getsebool -a for SELinux booleans) to list al possible type enforcement parameters?

I'm just getting to grips with the whole idea of SELinux and chances are I might use the terminology inappropriately. Sorry, if that be the case.

unSpawn · 11-11-2010, 10:08 AM

Quote:

Originally Posted by Toomas

list all possible type enforcement parameters?

Try 'seinfo -t' to see all security contexts and 'matchpathcon /etc/named.conf' to query the default security context.

saifelyzal · 06-29-2011, 01:38 PM

you can try
#seinfo -t | grep named

unSpawn · 06-29-2011, 01:49 PM

Quote:

Originally Posted by saifelyzal

you can try
#seinfo -t | grep named

In the wrong-tool-for-the-right-job category yes you can but if you would have compared output of both you'd have seen 'seinfo -t|grep' returns 10 contexts without context. So unless you know SELinux intimately you might have chosen a seemingly OK context like say "named_t" instead of the required "named_conf_t"...

chrism01 · 06-30-2011, 12:10 AM

Code:

semanage fcontext -l|grep named

?