selinux

man semanage-fcontext

除了fcontext

还有端口也要开通，比如

semanage port -a -t http_port_t -p tcp 8309

方法1：chcon -R -t httpd_sys_rw_content_t /var/www/qin/

方法2：chcon --reference=/etc /local  -R

方法3(推荐，写到系统内核)：

EXAMPLE
       remember to run restorecon after you set the file context
       Add file-context for everything under /web
       # semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # restorecon -R -v /web

       Substitute /home1 with /home when setting file context
       # semanage fcontext -a -e /home /home1
       # restorecon -R -v /home1

       For home directories under top level directory, for example /disk6/home,
       execute the following commands.
       # semanage fcontext -a -t home_root_t "/disk6"
       # semanage fcontext -a -e /home /disk6/home
       # restorecon -R -v /disk6

布尔值

 getsebool -a

setsebool samba_export_all_rw on  #临时打开

setsebool -P samba_export_all_rw on  #永久打开

两个selinux排查方法（参考，无法百分百准确）

sealert -b

audit2allow  < /var/log/audit/audit.log