SELinux 筆記 (Rocky Linux 8)

內定的設定值：

$ semanage fcontext -l | grep '/var/www'
/var/www(/.*)?                                     all files          system_u:object_r:httpd_sys_content_t:s0
/var/www(/.*)?/logs(/.*)?                          all files          system_u:object_r:httpd_log_t:s0
/var/www/[^/]*/cgi-bin(/.*)?                       all files          system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/apcupsd/multimon\.cgi                     regular file       system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/www/apcupsd/upsfstats\.cgi                    regular file       system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/www/apcupsd/upsimage\.cgi                     regular file       system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/www/apcupsd/upsstats\.cgi                     regular file       system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/www/calamaris(/.*)?                           all files          system_u:object_r:calamaris_www_t:s0
/var/www/cgi-bin(/.*)?                             all files          system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/cgi-bin/apcgui(/.*)?                      all files          system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/www/cgi-bin/cgit                              regular file       system_u:object_r:git_script_exec_t:s0
/var/www/cgi-bin/cvsweb\.cgi                       regular file       system_u:object_r:cvs_script_exec_t:s0
/var/www/cgi-bin/keystone(/.*)?                    all files          system_u:object_r:keystone_cgi_script_exec_t:s0
/var/www/cgi-bin/munin.*                           all files          system_u:object_r:munin_script_exec_t:s0
/var/www/cobbler(/.*)?                             all files          system_u:object_r:cobbler_var_lib_t:s0
/var/www/dspam(/.*?)                               all files          system_u:object_r:dspam_content_t:s0
/var/www/dspam/.*\.cgi                             regular file       system_u:object_r:dspam_script_exec_t:s0
/var/www/gallery/albums(/.*)?                      all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/git(/.*)?                                 all files          system_u:object_r:git_content_t:s0
/var/www/git/gitweb\.cgi                           regular file       system_u:object_r:git_script_exec_t:s0
/var/www/gitweb-caching/gitweb\.cgi                regular file       system_u:object_r:git_script_exec_t:s0
/var/www/html(/.*)?/sites/default/files(/.*)?      all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html(/.*)?/sites/default/settings\.php    regular file       system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html(/.*)?/uploads(/.*)?                  all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html(/.*)?/wp-content(/.*)?               all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html(/.*)?/wp_backups(/.*)?               all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/[^/]*/cgi-bin(/.*)?                  all files          system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/html/cgi/munin.*                          all files          system_u:object_r:munin_script_exec_t:s0
/var/www/html/configuration\.php                   all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/munin(/.*)?                          all files          system_u:object_r:munin_content_t:s0
/var/www/html/munin/cgi(/.*)?                      all files          system_u:object_r:munin_script_exec_t:s0
/var/www/html/nextcloud/data(/.*)?                 all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/owncloud/data(/.*)?                  all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/icons(/.*)?                               all files          system_u:object_r:httpd_sys_content_t:s0
/var/www/miq/vmdb/log(/.*)?                        all files          system_u:object_r:httpd_log_t:s0
/var/www/moodle/data(/.*)?                         all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/moodledata(/.*)?                          all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/nut-cgi-bin/upsimage\.cgi                 regular file       system_u:object_r:nutups_cgi_script_exec_t:s0
/var/www/nut-cgi-bin/upsset\.cgi                   regular file       system_u:object_r:nutups_cgi_script_exec_t:s0
/var/www/nut-cgi-bin/upsstats\.cgi                 regular file       system_u:object_r:nutups_cgi_script_exec_t:s0
/var/www/openshift/broker/httpd/logs(/.*)?         all files          system_u:object_r:httpd_log_t:s0
/var/www/openshift/broker/httpd/run(/.*)?          all files          system_u:object_r:httpd_var_run_t:s0
/var/www/openshift/console/httpd/logs(/.*)?        all files          system_u:object_r:httpd_log_t:s0
/var/www/openshift/console/httpd/run(/.*)?         all files          system_u:object_r:httpd_var_run_t:s0
/var/www/openshift/console/log(/.*)?               all files          system_u:object_r:httpd_log_t:s0
/var/www/openshift/console/tmp(/.*)?               all files          system_u:object_r:httpd_tmp_t:s0
/var/www/perl(/.*)?                                all files          system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/stickshift/[^/]*/log(/.*)?                all files          system_u:object_r:httpd_log_t:s0
/var/www/svn(/.*)?                                 all files          system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/svn/conf(/.*)?                            all files          system_u:object_r:httpd_sys_content_t:s0
/var/www/svn/hooks(/.*)?                           all files          system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/usage(/.*)?                               all files          system_u:object_r:webalizer_rw_content_t:s0
/var/www/wiki[0-9]?(/.*)?                          all files          system_u:object_r:mediawiki_rw_content_t:s0
/var/www/wiki[0-9]?\.php                           regular file       system_u:object_r:mediawiki_content_t:s0