{"id":7110,"date":"2022-12-25T13:37:33","date_gmt":"2022-12-25T04:37:33","guid":{"rendered":"https:\/\/lab4ict.com\/system\/?p=7110"},"modified":"2023-05-03T01:34:05","modified_gmt":"2023-05-02T16:34:05","slug":"selinux%e3%81%ae%e6%9c%89%e5%8a%b9%e5%8c%96%ef%bc%8f%e7%84%a1%e5%8a%b9%e5%8c%96%e3%82%92%e8%a1%8c%e3%81%86%ef%bc%81","status":"publish","type":"post","link":"https:\/\/lab4ict.com\/system\/archives\/7110","title":{"rendered":"RHEL 8\u3067SELinux\u306e\u6709\u52b9\u5316\uff0f\u7121\u52b9\u5316\u3092\u884c\u3046\uff01"},"content":{"rendered":"<p>RHEL 8\u3067\u3001SELinux\u306e\u6709\u52b9\u5316\u3068\u7121\u52b9\u5316\u3059\u308b\u65b9\u6cd5\u3092\u307e\u3068\u3081\u307e\u3059\u3002<br \/>\n<!--more--><\/p>\n<h2>SELinux\u306e\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u78ba\u8a8d\u3059\u308b\uff01<\/h2>\n<p>SELinux\u306e\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<h3>getenforce\u30b3\u30de\u30f3\u30c9\u3067\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u78ba\u8a8d\u3059\u308b\uff01<\/h3>\n<p>getenforce\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u884c\u7d50\u679c\u304c\u3001Enforcing\u3067\u3042\u308c\u3070\u6709\u52b9\u3067\u3059\u3002Permissive\u3067\u3042\u308c\u3070\u3001SELinux\u306f\u6709\u52b9\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u8b66\u544a\u306e\u51fa\u529b\u306f\u884c\u3044\u307e\u3059\u3002\u5b8c\u5168\u306b\u7121\u52b9\u306a\u5834\u5408\u306fDisabled\u3067\u3059\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ getenforce\r\n<\/pre>\n<h3>sestatus\u30b3\u30de\u30f3\u30c9\u3067\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u78ba\u8a8d\u3059\u308b\u3002<\/h3>\n<p>sestatus\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3059\u308b\u3068\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\u542b\u3081\u305f\u60c5\u5831\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sestatus\r\nSELinux status:                 enabled\r\nSELinuxfs mount:                \/sys\/fs\/selinux\r\nSELinux root directory:         \/etc\/selinux\r\nLoaded policy name:             targeted\r\nCurrent mode:                   enforcing\r\nMode from config file:          enforcing\r\nPolicy MLS status:              enabled\r\nPolicy deny_unknown status:     allowed\r\nMemory protection checking:     actual (secure)\r\nMax kernel policy version:      33\r\n<\/pre>\n<h2>\u52d5\u4f5c\u4e2d\u306eSELinux\u306e\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u5909\u66f4\u3059\u308b\uff01<\/h2>\n<p>\u52d5\u4f5c\u4e2d\u306eSELinux\u306e\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092Enforcing\u306b\u5909\u66f4\u3059\u308b\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo setenforce Enforcing\r\n$ getenforce\r\nEnforcing\r\n<\/pre>\n<p>\u52d5\u4f5c\u4e2d\u306eSELinux\u306e\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092Permissive\u306b\u5909\u66f4\u3059\u308b\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo setenforce Permissive\r\n$ getenforce\r\nPermissive\r\n<\/pre>\n<h2>\u6052\u4e45\u7684\u306bSELinux\u306e\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u8a2d\u5b9a\u3059\u308b\uff01<\/h2>\n<p>\u6052\u4e45\u7684\u306bSELinux\u306e\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u8a2d\u5b9a\u3059\u308b\u5834\u5408\u306f\u3001\/etc\/selinux\/config\u30d5\u30a1\u30a4\u30eb\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u307e\u3059\u3002\u8a2d\u5b9a\u65b9\u6cd5\u306f\u3001\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u5185\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ cat \/etc\/selinux\/config\r\n# This file controls the state of SELinux on the system.\r\n# SELINUX= can take one of these three values:\r\n#     enforcing - SELinux security policy is enforced.\r\n#     permissive - SELinux prints warnings instead of enforcing.\r\n#     disabled - No SELinux policy is loaded.\r\nSELINUX=enforcing\r\n# SELINUXTYPE= can take one of these three values:\r\n#     targeted - Targeted processes are protected,\r\n#     minimum - Modification of targeted policy. Only selected processes are protected. \r\n#     mls - Multi Level Security protection.\r\nSELINUXTYPE=targeted\r\n<\/pre>\n<h2>\u304a\u308f\u308a\u306b<\/h2>\n<p>SELinux\u306e\u6709\u52b9\u5316\u304a\u3088\u3073\u7121\u52b9\u5316\u306e\u72b6\u614b\u306f\u3001\u30b3\u30de\u30f3\u30c9\u3067\u78ba\u8a8d\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u6052\u4e45\u7684\u306b\u52d5\u4f5c\u30e2\u30fc\u30c9\u3092\u5909\u66f4\u3059\u308b\u5834\u5408\u306b\u306f\u3001\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u5909\u66f4\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n<h2>\u53c2\u8003\u60c5\u5831<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.redhat.com\/en\/technologies\/linux-platforms\/enterprise-linux\" target=\"_blank\" rel=\"noopener\">Red Hat Enterprise Linux<\/a><\/li>\n<\/ul>\n<h2>\u95a2\u9023\u8a18\u4e8b<\/h2>\n<div class=\"sc_getpost\"><a class=\"clearfix\" href=\"https:\/\/lab4ict.com\/system\/archives\/4965\" ><div class=\"sc_getpost_thumb post-box-thumbnail__wrap\"><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODdhAQABAPAAAN3d3QAAACwAAAAAAQABAAACAkQBADs=\" width=\"150\" height=\"150\" alt=\"\u3010\u8a18\u4e8b\u4e00\u89a7\u3011RHEL\u7cfb\u306eOS\u3092\u4f7f\u3044\u3053\u306a\u3059\uff01\" loading=\"lazy\" data-src=\"https:\/\/lab4ict.com\/system\/wp-content\/uploads\/2022\/04\/fi_rhel_01-150x150.png\" class=\"lazyload\"><\/div><div class=\"title\">\u3010\u8a18\u4e8b\u4e00\u89a7\u3011RHEL\u7cfb\u306eOS\u3092\u4f7f\u3044\u3053\u306a\u3059\uff01<\/div><div class=\"substr\">RHEL\u7cfb\u306eOS\u3092\u4f7f\u3044\u3053\u306a\u3059\u305f\u3081\u306e\u8a18\u4e8b\u4e00\u89a7\u3092\u63b2\u8f09\u3057\u307e\u3059\u3002...<\/div><\/a><\/div>\n<h2>\u95a2\u9023\u66f8\u7c4d\uff08Amazon\uff09<\/h2>\n<p><a href=\"https:\/\/amzn.to\/3H8WqP7\" rel=\"noopener\" target=\"_blank\"><img decoding=\"async\" class=\"paapi5-pa-product-image-source\" src=\"https:\/\/m.media-amazon.com\/images\/I\/41Hsgz5kRSL._SL160_.jpg\" alt=\"N\/A\"><\/a><\/p>\n<hr \/>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>RHEL 8\u3067\u3001SELinux\u306e\u6709\u52b9\u5316\u3068\u7121\u52b9\u5316\u3059\u308b\u65b9\u6cd5\u3092\u307e\u3068\u3081\u307e\u3059\u3002<\/p>\n","protected":false},"author":1,"featured_media":5291,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[239],"tags":[],"class_list":["post-7110","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-rhel-8"],"_links":{"self":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/7110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/comments?post=7110"}],"version-history":[{"count":1,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/7110\/revisions"}],"predecessor-version":[{"id":10862,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/7110\/revisions\/10862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media\/5291"}],"wp:attachment":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media?parent=7110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/categories?post=7110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/tags?post=7110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}