Red Hat Certified Technician Tutorials

User Administration / Troubleshooting Security Enhanced Linux





Subtitles of the Movie

Security Enhanced Linux, also known as SELinux, provides a different paradigm. Red Hat's implementation is based on targeted daemons. For example, to connect to a shared NFS home directory, you have to explicitly allow that sharing with the appropriate SELinux configuration option, as shown here, and that's part of the point of SELinux. When you activate a daemon in Linux, it allows a whole bunch of things. With SELinux, you have to actively allow each action associated with the daemon, so if you don't want to support NFS home directories, don't enable it.

You may have seen this third bullet here and said, why am I reading SELinux? Well, it's a real important tool and, if you want to go on for your RHCE, you'll need to know how to manage SELinux for all services that you install for that exam. Besides, SELinux is active and enabled by default when you install Linux. If necessary and SELinux is not required for an exam, you can disable it with the SELinux management tool or by editing the /etc/sysconfig/selinux configuration file. To disable SELinux, just change the setting. The options are shown in the comments. So to disable SELinux, do that and the next time you boot, SELinux will end up being disabled. But let's not do that.

If you actually want to set an SELinux setting, run the setsebool command. The SELinux settings are stored in Booleans in the SELinux Booleans directory, but that's a lot of Booleans. Let's see which ones are associated with NFS. If you've studied the NFS settings associated with the SELinux management tool, these should start looking a bit familiar. This one here supports the use of NFS home directories and you can activate it with the setsebool command, where we use the -P switch, cite the Boolean and set it to the appropriate value. Boolean values can be 0 or 1 and when you set it to 1, it turns it on. To confirm, let's read the contents of that file. And there it is. We can now use NFS-based home directories.
As described earlier, the SELinux management tool illustrates the available settings and sets Booleans in the SELinux/booleans directory. It also uses labels, not the management tool, but Security Enhanced Linux itself. Let's create a web server directory and check the associated labels. We want it to match that of the default web server directory in terms of the user, the role, and the type.

First let's create a web server directory. Call it web. Now let's see what the SELinux labels are on that directory. Okay, these are the SELinux labels. We have a system user, an object role, and a root type. Does that match that of the default web server directory? Let's see. The default web server directory is /var/www. We have the same system user. We have the same object role, but we have a different content type.

How would we change that? We use the chcon command. The -R, that's the dash upper case R, applies the context recursively. The -u applies it to the user, the -r applies it to the role, and the -t applies it to the type. Let's make the type of our new web directory the same type as that of the default web directory. So we apply the chcon command recursively to the type to our new web directory. And why didn't that work? I didn't spell it right. Aha, that's better. There it is, the right settings for SELinux on our new web directory. Thank you and on to the next video.
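
The label comparison walked through above can be scripted. The following is an added example, not part of the video or the course material: the function names `ctx_field` and `chcon_fix` are hypothetical, the two sample contexts are constructed from the narration, and `httpd_sys_content_t` is an assumed type for /var/www, which the subtitles do not name.

```shell
#!/bin/sh
# Added example: compare the SELinux context of a new directory with that of
# a reference directory and print the chcon command that aligns them.
# A context has the form user:role:type, optionally followed by :level.

# ctx_field CONTEXT N -> prints field N (1 = user, 2 = role, 3 = type)
ctx_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# chcon_fix TARGET_CTX REFERENCE_CTX DIR
# Prints a recursive chcon command that changes only the fields that differ
# (-u user, -r role, -t type); prints nothing when all three already match.
chcon_fix() {
    target=$1
    ref=$2
    dir=$3
    opts=""
    for spec in "1:-u" "2:-r" "3:-t"; do
        n=${spec%%:*}
        flag=${spec#*:}
        want=$(ctx_field "$ref" "$n")
        have=$(ctx_field "$target" "$n")
        [ "$want" = "$have" ] || opts="$opts $flag $want"
    done
    [ -z "$opts" ] || printf 'chcon -R%s %s\n' "$opts" "$dir"
}

# Constructed sample contexts matching the narration: same user and role,
# different type. httpd_sys_content_t is an assumption (see lead-in).
WEB_CTX="system_u:object_r:root_t"
REF_CTX="system_u:object_r:httpd_sys_content_t"

chcon_fix "$WEB_CTX" "$REF_CTX" /web

# On a live SELinux host the contexts can be read with stat instead:
#   chcon_fix "$(stat -c %C /web)" "$(stat -c %C /var/www)" /web
```

The script only prints the command, so the proposed relabel can be reviewed before it is run as root.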

Tutorial Information

Course: Red Hat Certified Technician
Author: Michael Jang
SKU: 33785
ISBN: 1-933736-97-6
Release Date: 2007-07-24
Duration: 7 hrs / 103 lessons
Captions: For Online University members only
Compatibility: Vista/XP/2000, OS X, Linux
QuickTime 7, Flash 8
