Pages

Friday, December 8, 2017

Fedora 27 : Firefox and selinux intro .

Today I made a summary of selinux.
This is a protection and security utility in linux operating systems.
It is quite complex and requires a little guidance in learning.
The basic thing is to secure a grid that matches the security gaps.
The tutorial today simply exemplifies how you can change these rules.
First, check with these commands for the status of selinux:
#getenforce
#sestatus
#sestatus -b
#cat /etc/selinux/config
#ls -lZ /usr/bin/firefox
#chcon -v -t user_home_t /user/bin/firefox
This will change the selinux target type to user_home_t . That will allow firefox to run with this label (like that users) are allowed to read/write and manage. This is the default label for all content in a users home directory. This last command try to prevent confined applications from being able to read and write this content just from users home.