dbfdg Ū•s´LĀ ėÁ 1Ž Vā g7 hŸ | (… Ž™ŧtVIËŊ,Ķ/.0b_ÂĻÚŨ‹_Së P?!N!Nß!G."]v"OÔ"k$#R#qã#fU$Vŧ$V%Sj%jž%B)&Tl&^Á&Á 'tâ'?W(Z—(Yō(ŽL)XÛ+4,E-X. n/ x0 †1z’2š 3šĮ3įb43J5e~5_ä5eD6fĒ67Ā.7¸ī7è8ƒl9\đ:bM;\°;c <7q<<Š<:æ<!=1=4A=v=,‘=ž=0Ú=1 >]=>2›>KÎ>2?]M?cĢ?@,@L@d_@NÄ@A_+A]‹AEéA-/B]B4vB!ĢB'ÍB$õB C_;CR›COîC:>DyD‹—D#EB>EAE^ÃEs"F––F×-G$I*K,NØŦN܅OđbPySQÅÍS‚“WÚY#ņY€]u–^Í aėÚcPĮim10ođbuWSzčĢ}å”~ŧzŧ7€Ĩô€˙šŧš‚æWƒŗ>„ō„ †ų‡Ä ˆÂŅˆŅ”‰™fН‹ū°‹ķ¯ŒīŖŽž“í2ė ‘ ’ũ˜8™:I›=„1Ÿ8ôĄ6-¤dϐz§ Šĩ+Ē…áĢgŦ(‚­:ĢŽ æ¯Rą>ZąÖ™˛Îp´?ļ\Ršb¯š\ēÚoē”Jģ`ßģä@ŧD%ŊDjŊ{¯Ŋa+žkžhųžZbŋ[ŊŋĀ\ˇĀ¤Á\šÁ Â#Ã=ÄXMÄĻÄ#šÄķŨÅ:ŅÆ  Į ČŅ(ÉYúÉNTƊŖĘd.ËS“Ë„įË[l˰ČĖĒyÍ­$ΎŌÎ\aĪæžĪgĨĐĮ ŅßÕŅāĩŌ–ĶtĨÔ?s D+gpZ_9# P/(-2c^@!J=4%bA Qi*aOn176m05 ">)'U,V.:N&`Y8[\HhMCErjSfkX;]l<RdqFBLG$T IK3Weo dac_override and dac_read_search capabilities usually indicates that the root process does not have access to a file based on the permission flags. This usually mean you have some file with the wrong ownership/permissions on it. SELinux denied access requested by $SOURCE. It is not expected that this access is required by $SOURCE and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Attempt restorecon -v '$TARGET_PATH' or chcon -t SIMILAR_TYPE '$TARGET_PATH' Changing the "$BOOLEAN" boolean to true will allow this access: "setsebool -P $BOOLEAN=1" Changing the "$BOOLEAN" boolean to true will allow this access: "setsebool -P $BOOLEAN=1." Changing the "allow_ftpd_use_nfs" boolean to true will allow this access: "setsebool -P allow_ftpd_use_nfs=1." Changing the file_context to mnt_t will allow mount to mount the file system: "chcon -t mnt_t '$TARGET_PATH'." You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t mnt_t '$FIX_TARGET_PATH'" If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux man page for further information: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t " You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t " If you want $SOURCE to continue, you must turn on the $BOOLEAN boolean. Note: This boolean will affect all applications on the system. If you want httpd to send mail you need to turn on the $BOOLEAN boolean: "setsebool -P $BOOLEAN=1" If you want to allow $SOURCE to bind to port $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem. setsebool -P allow_ypbind=1. If you want to allow $SOURCE to connect to $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If you want to change the file context of $TARGET_PATH so that the automounter can execute it you can execute "chcon -t bin_t $TARGET_PATH". If you want this to survive a relabel, you need to permanently change the file context: execute "semanage fcontext -a -t bin_t '$FIX_TARGET_PATH'". SELinux denied access requested by $SOURCE. It is not expected that this access is required by $SOURCE and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. SELinux denied access requested by the $SOURCE command. It looks like this is either a leaked descriptor or $SOURCE output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the $TARGET_PATH. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. SELinux denied access to $TARGET_PATH requested by $SOURCE. $TARGET_PATH has a context used for sharing by a different program. If you would like to share $TARGET_PATH from $SOURCE also, you need to change its file context to public_content_t. If you did not intend to allow this access, this could signal an intrusion attempt. SELinux denied cvs access to $TARGET_PATH. If this is a CVS repository it needs to have a file context label of cvs_data_t. If you did not intend to use $TARGET_PATH as a CVS repository it could indicate either a bug or it could signal an intrusion attempt. SELinux denied xen access to $TARGET_PATH. If this is a XEN image, it has to have a file context label of xen_image_t. The system is setup to label image files in directory /var/lib/xen/images correctly. We recommend that you copy your image file to /var/lib/xen/images. If you really want to have your xen image files in the current directory, you can relabel $TARGET_PATH to be xen_image_t using chcon. You also need to execute semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH' to add this new path to the system defaults. If you did not intend to use $TARGET_PATH as a xen image it could indicate either a bug or an intrusion attempt. SELinux has denied the $SOURCE access to potentially mislabeled files $TARGET_PATH. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, %s. Many third party apps install html files in directories that SELinux policy cannot predict. These directories have to be labeled with a file context which httpd can access. SELinux has denied the $SOURCE_PATH from executing potentially mislabeled files $TARGET_PATH. Automounter can be setup to execute configuration files. If $TARGET_PATH is an automount executable configuration file it needs to have a file label of bin_t. If automounter is trying to execute something that it is not supposed to, this could indicate an intrusion attempt. SELinux has prevented vbetool from performing an unsafe memory operation. SELinux has prevented wine from performing an unsafe memory operation. SELinux is preventing $SOURCE_PATH "$ACCESS" access on $TARGET_PATH. SELinux is preventing $SOURCE_PATH "$ACCESS" access to $TARGET_PATH. SELinux is preventing $SOURCE_PATH "$ACCESS" to $TARGET_PATH. SELinux is preventing $SOURCE_PATH access to a leaked $TARGET_PATH file descriptor. SELinux is preventing $SOURCE_PATH from binding to port $PORT_NUMBER. SELinux is preventing $SOURCE_PATH from changing the access protection of memory on the heap. SELinux is preventing $SOURCE_PATH from connecting to port $PORT_NUMBER. SELinux is preventing $SOURCE_PATH from creating a file with a context of $SOURCE_TYPE on a filesystem. SELinux is preventing $SOURCE_PATH from loading $TARGET_PATH which requires text relocation. SELinux is preventing $SOURCE_PATH from making the program stack executable. SELinux is preventing Samba ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux is preventing cvs ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH SELinux is preventing the $SOURCE_PATH from executing potentially mislabeled files $TARGET_PATH. SELinux is preventing the http daemon from sending mail. SELinux is preventing xen ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux policy is preventing an httpd script from writing to a public directory. SELinux policy is preventing an httpd script from writing to a public directory. If httpd is not setup to write to public directories, this could signal an intrusion attempt. SELinux prevented $SOURCE from mounting on the file or directory "$TARGET_PATH" (type "$TARGET_TYPE"). SELinux prevented httpd $ACCESS access to http files. SELinux prevented the ftp daemon from $ACCESS files stored on a CIFS filesystem. SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem. The $SOURCE application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If $SOURCE does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. Use a command like "cp -p" to preserve all permissions except SELinux context. You can alter the file context by executing chcon -R -t rsync_data_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t rsync_data_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -R -t samba_share_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t public_content_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t public_content_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t swapfile_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t swapfile_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t virt_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t xen_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH'" You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot" You can generate a local policy module to allow this access - see FAQ Please file a bug report. You can generate a local policy module to allow this access - see FAQ You can restore the default system context to this file by executing the restorecon command. restorecon '$TARGET_PATH', if this file is a directory, you can recursively restore using restorecon -R '$TARGET_PATH'. Your system may be seriously compromised! Your system may be seriously compromised! $SOURCE_PATH attempted to mmap low kernel memory. Your system may be seriously compromised! $SOURCE_PATH tried to load a kernel module. Your system may be seriously compromised! $SOURCE_PATH tried to modify SELinux enforcement. Your system may be seriously compromised! $SOURCE_PATH tried to modify kernel configuration. Disable IPV6 properly. Either remove the mozplluger package by executing 'yum remove mozplugger' Or turn off enforcement of SELinux over the Firefox plugins. setsebool -P unconfined_mozilla_plugin_transition 0 If you decide to continue to run the program in question you will need to allow this operation. This can be done on the command line by executing: # setsebool -P mmap_low_allowed 1 You tried to place a type on a %s that is not a file type. This is not allowed, you must assigne a file type. You can list all file types using the seinfo command. seinfo -afile_type -x Changing the "$BOOLEAN" and "$WRITE_BOOLEAN" booleans to true will allow this access: "setsebool -P $BOOLEAN=1 $WRITE_BOOLEAN=1". warning: setting the "$WRITE_BOOLEAN" boolean to true will allow the ftp daemon to write to all public content (files and directories with type public_content_t) in addition to writing to files and directories on CIFS filesystems. # semanage fcontext -a -t SIMILAR_TYPE '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH%s' # restorecon %s -v '$FIX_TARGET_PATH'# semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s.A process might be attempting to hack into your system.Add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf Contact your security administrator and report this issue.Restore ContextRestore ContextSELinux is preventing $SOURCE_PATH "$ACCESS" access.Turn off memory protectionYou can read '%s' man page for more details.You might have been hacked.You need to change the label on $FIX_TARGET_PATHYou need to change the label on $TARGET_BASE_PATHYou need to change the label on $TARGET_BASE_PATH to public_content_t or public_content_rw_t.You need to change the label on $TARGET_BASE_PATH'You need to change the label on $TARGET_PATH to a type of a similar device.You need to change the label on '$FIX_TARGET_PATH'You should report this as a bug. You can generate a local policy module to allow this access.You should report this as a bug. You can generate a local policy module to dontaudit this access.execstack -c %sif you think that you might have been hackedsetsebool -P %s %sturn on full auditing to get path information about the offending file and generate the error again.use a command like "cp -p" to preserve all permissions except SELinux context.you can run restorecon.you may be under attack by a hacker, since confined applications should never need this access.you may be under attack by a hacker, since confined applications should not need this access.you may be under attack by a hacker, this is a very dangerous access.you must change the labeling on $TARGET_PATH.you must fix the labels.you must move the cert file to the ~/.cert directoryyou must pick a valid file label.you must remove the mozplugger package.you must setup SELinux to allow thisyou must tell SELinux about thisyou must tell SELinux about this by enabling the 'httpd_unified' and 'http_enable_cgi' booleansyou must tell SELinux about this by enabling the vbetool_mmap_zero_ignore boolean.you must tell SELinux about this by enabling the wine_mmap_zero_ignore boolean.you must turn off SELinux controls on the Firefox plugins.you need to add labels to it.you need to change the label on $TARGET_PATH to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean.you need to fully relabel.you need to report a bug. This is a potentially dangerous access.you need to report a bug. This is a potentially dangerous access.you need to set /proc/sys/net/ipv6/conf/all/disable_ipv6 to 1 and do not blacklist the module'you need to use a different command. You are not allowed to preserve the SELinux context on the target file system.you should clear the execstack flag and see if $SOURCE_PATH works correctly. Report this as a bug on %s. You can clear the exestack flag by executing:Project-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT-Creation-Date: 2021-09-07 17:26+0200 PO-Revision-Date: 2017-08-31 08:31-0400 Last-Translator: Copied by Zanata Language-Team: Bengali (India) (http://www.transifex.com/projects/p/fedora/language/bn_IN/) Language: bn_IN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); X-Generator: Zanata 4.6.2 Âģdac_override and dac_read_search āĻ•ā§āώāĻŽāϤāĻž āĻĻā§āĻŦāĻžāϰāĻž āϏāĻžāϧāĻžāϰāĻŖāϤ āύāĻŋāĻ°ā§āϧāĻžāϰāĻŋāϤ āĻšāϝāĻŧ āϝ⧇ āĻ…āύ⧁āĻŽāϤāĻŋāϰ āĻĢā§āĻ˛ā§āϝāĻžāϗ⧇āϰ āĻŽāĻžāĻ§ā§āϝāĻŽā§‡ āĻĢāĻžāχāϞ⧇āϰ āϜāĻ¨ā§āϝ root āĻĒā§āϰāϏ⧇āϏ⧇āϰ āĻ…āύ⧁āĻŽāϤāĻŋ āϧāĻžāĻ°ā§āϝ āĻšāϝāĻŧ āύāĻžāĨ¤ āϏāĻžāϧāĻžāϰāĻŖāϤ āϕ⧋āύ⧋ āĻĢāĻžāχāϞ⧇āϰ āĻŽāĻžāϞāĻŋāĻ•āĻžāύāĻž/āĻ…āύ⧁āĻŽāϤāĻŋ āĻ­ā§‚āϞ āĻĨāĻžāĻ•āϞ⧇ āĻāϟāĻŋ āĻĻ⧇āĻ–āĻž āĻĻ⧇āϝāĻŧāĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE-āϰ āĻ…āύ⧁āϰ⧋āϧ āĻ•āϰāĻž āĻŦā§āϝāĻŦāĻšāĻžāϰāĻžāϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻ¤ā§āϝāĻžāĻ–ā§āϝāĻžāύ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āϏāĻžāϧāĻžāϰāĻŖāϤ $SOURCE-āϰ āϜāĻ¨ā§āϝ āĻāχ āϏāĻžāϧāĻžāϰāĻŖāϤ $SOURCE-āϰ āϜāĻ¨ā§āϝ āĻāχ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻ¤ā§āϝāĻžāĻļāĻŋāϤ āύ⧟ āĻāĻŦāĻ‚ āϏāĻŽā§āĻ­āĻŦāϤ āĻāϟāĻŋ āĻ…āύ⧁āĻĒā§āϰāĻŦ⧇āĻļ⧇āϰ āϏāĻ‚āϕ⧇āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤ āϏāĻŽā§āĻ­āĻŦāϤ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ⧇āϰ āϕ⧋āύ⧋ āϏ⧁āύāĻŋāĻ°ā§āĻĻāĻŋāĻˇā§āϟ āϏāĻ‚āĻ¸ā§āĻ•āϰāĻŖ āĻ…āĻĨāĻŦāĻž āĻ•āύāĻĢāĻŋāĻ—āĻžāϰ⧇āĻļāύ⧇āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ āĻ…āϤāĻŋāϰāĻŋāĻ•ā§āϤ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒā§āĻ°ā§Ÿā§‹āϜāύ āĻšāĻŦ⧇āĨ¤ restorecon -v '$TARGET_PATH' āĻ…āĻĨāĻŦāĻž chcon -t SIMILAR_TYPE '$TARGET_PATH' āĻĒā§āϰ⧟āĻžāϏ āĻ•āϰāĻž āĻšāĻŦ⧇ "$BOOLEAN" āĻŦ⧁āϞāĻŋ⧟āĻžāύ⧇āϰ āĻŽāĻžāύ true āϧāĻžāĻ°ā§āϝ āĻ•āϰāĻž āĻšāϞ⧇ āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āĻšāĻŦ⧇: "setsebool -P $BOOLEAN=1" "$BOOLEAN" āĻŦ⧁āϞāĻŋ⧟āĻžāύ⧇āϰ āĻŽāĻžāύ true (āϏāĻ¤ā§āϝ) āύāĻŋāĻ°ā§āϧāĻžāϰāĻŖ āĻ•āϰāĻž āĻšāϞ⧇ āĻāχ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āĻšāĻŦ⧇: "setsebool -P $BOOLEAN=1." "allow_ftpd_use_nfs" āĻŦ⧁āϞāĻŋ⧟āĻžāύ⧇āϰ āĻŽāĻžāύ true (āϏāĻ¤ā§āϝ) āύāĻŋāĻ°ā§āϧāĻžāϰāĻŖ āĻ•āϰāĻž āĻšāϞ⧇ āĻāχ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āĻšāĻŦ⧇: "setsebool -P allow_ftpd_use_nfs=1." file_context-āϰ āĻŽāĻžāύ mnt_t āύāĻŋāĻ°ā§āϧāĻžāϰāĻŋāϤ āĻšāϞ⧇ mount āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻĻā§āĻŦāĻžāϰāĻž āĻĢāĻžāχāϞ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻŽāĻžāωāĻ¨ā§āϟ āĻ•āϰāĻž āϝāĻžāĻŦ⧇: "chcon -t mnt_t '$TARGET_PATH'." āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĢāĻžāχāϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t mnt_t '$FIX_TARGET_PATH'" httpd āĻ¸ā§āĻ•ā§āϰāĻŋāĻĒā§āϟāϕ⧇ āĻāχ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϤ⧇ āϞ⧇āĻ–āĻžāϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāϤ⧇ āĻšāϞ⧇ $BOOLEAN āĻŦ⧁āϞāĻŋāϝāĻŧāĻžāύ āϏāĻ•ā§āϰāĻŋāϝāĻŧ āĻ•āϰ⧁āύ āĻ“ āϏāĻžāĻ°ā§āĻŦāϜāύ⧀āύ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϰ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ public_content_rw_t-āĻ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰ⧁āύāĨ¤ āĻ…āϧāĻŋāĻ• āϜāĻžāύāϤ⧇ httpd_selinux man āĻĒ⧃āĻˇā§āĻ āĻž āĻĒāĻĄāĻŧ⧁āύ: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t " āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āϞ⧇āĻŦ⧇āϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t public_content_rw_t " $SOURCE āĻĻā§āĻŦāĻžāϰāĻž āĻ•āĻ°ā§āĻŽ āĻ…āĻ—ā§āϰāϏāϰ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ $BOOLEAN āĻŦ⧁āϞāĻŋ⧟āĻžāύ āϏāĻ•ā§āϰāĻŋ⧟ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āωāĻ˛ā§āϞ⧇āĻ–ā§āϝ: āĻāχ āĻŦ⧁āϞāĻŋ⧟āĻžāύ āĻŽāĻžāύ āĻĻā§āĻŦāĻžāϰāĻž āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āϏāĻŽāĻ¸ā§āϤ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ āĻĒā§āϰāĻ­āĻžāĻŦāĻŋāϤ āĻšāĻŦ⧇ httpd āĻĻā§āĻŦāĻžāϰāĻž āĻŽā§‡āχāϞ āĻĒāĻžāĻ āĻžāύ⧋āϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāϤ⧇ $BOOLEAN āĻŦ⧁āϞāĻŋ⧟āĻžāύ āϏāĻ•ā§āϰāĻŋ⧟ āĻ•āϰ⧁āύ: "setsebool -P $BOOLEAN=1" $SOURCE-āϕ⧇ $PORT_NUMBER āĻĒā§‹āĻ°ā§āĻŸā§‡āϰ āϏāĻžāĻĨ⧇ āĻŦāĻžāχāĻ¨ā§āĻĄ āĻ•āϰāĻžāϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ āύāĻŋāĻŽā§āύāϞāĻŋāĻ–āĻŋāϤ āĻ•āĻŽāĻžāĻ¨ā§āĻĄāϗ⧁āϞāĻŋ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧁āύ # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER āĻāχ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ PORT_TYPE-āϰ āϜāĻ¨ā§āϝ āύāĻŋāĻŽā§āύāϞāĻŋāĻ–āĻŋāϤ āĻāĻ•āϟāĻŋ āĻŽāĻžāύ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰāĻž āĻšāĻŦ⧇: %sāĨ¤ āĻāχ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽāϟāĻŋ āϝāĻĻāĻŋ NIS āĻ•ā§āϞāĻžā§Ÿā§‡āĻ¨ā§āϟ āϰ⧂āĻĒ⧇ āĻŦā§āϝāĻŦāĻšā§ƒāϤ āĻšā§Ÿ āϤāĻžāĻšāϞ⧇ allow_ypbind āĻŦ⧁āϞāĻŋ⧟āĻžāύ āϏāĻ•ā§āϰāĻŋ⧟ āĻ•āϰāĻž āĻšāϞ⧇ āĻāχ āϏāĻŽāĻ¸ā§āϝāĻž āϏāĻŽāĻžāϧāĻžāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ setsebool -P allow_ypbind=1āĨ¤ $SOURCE-āϕ⧇ āĻāχ $PORT_NUMBER-āϰ āϏāĻžāĻĨ⧇ āϏāĻ‚āϝ⧋āϗ⧇āϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāϤ⧇ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧁āύ # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER PORT_TYPE-āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ āύāĻŋāĻŽā§āύāϞāĻŋāĻ–āĻŋāϤ āϝ⧇ āϕ⧋āύ⧋ āĻāĻ•āϟāĻŋ āĻŽāĻžāύ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰāĻž āĻšāĻŦ⧇: %s. automounter āĻĻā§āĻŦāĻžāϰāĻž āϏāĻžā§āϚāĻžāϞāύāϝ⧋āĻ—ā§āϝ āĻ•āϰāĻžāϰ āωāĻĻā§āĻĻ⧇āĻļā§āϝ⧇ $TARGET_PATH'āϰ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ⧇āϰ āϜāĻ¨ā§āϝ "chcon -t bin_t $TARGET_PATH" āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧁āύāĨ¤ āĻĒ⧁āύāϰāĻžā§Ÿ āϞ⧇āĻŦ⧇āϞ āĻ•āϰāĻžāϰ āϏāĻŽā§Ÿ āĻāχ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋ āϰāĻžāĻ–āϤ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿāϰ⧂āĻĒ⧇ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ "semanage fcontext -a -t bin_t $FIX_TARGET_PATH" āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧁āύāĨ¤ $SOURCE āĻĻā§āĻŦāĻžāϰāĻž āĻ…āύ⧁āϰ⧋āϧ āĻ•āϰāĻž āĻ…āύ⧁āĻŽāϤāĻŋ SELinux āĻĻā§āĻŦāĻžāϰāĻž āĻĒā§āϰāĻ¤ā§āϝāĻžāĻ–ā§āϝāĻžāύ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ $SOURCE-āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ āĻāχ āĻ…āύ⧁āĻŽāϤāĻŋāϰ āĻĒā§āĻ°ā§Ÿā§‹āϜāύ āĻĒā§āϰāĻ¤ā§āϝāĻžāĻļāĻŋāϤ āύ⧟ āĻ“ āĻāϟāĻŋ āĻ…āύ⧁āĻĒā§āϰāĻŦ⧇āĻļ⧇āϰ āϏāĻ‚āϕ⧇āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ⧇āϰ āϏ⧁āύāĻŋāĻ°ā§āĻĻāĻŋāĻˇā§āϟ āϕ⧋āύ⧋ āϏāĻ‚āĻ¸ā§āĻ•āϰāĻŖ āĻ…āĻĨāĻŦāĻž āĻ•āύāĻĢāĻŋāĻ—āĻžāϰ⧇āĻļāύ⧇āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇āĻ“ āĻ…āϤāĻŋāϰāĻŋāĻ•ā§āϤ āĻāχ āĻ…āύ⧁āĻŽāϤāĻŋāϰ āĻĒā§āĻ°ā§Ÿā§‹āϜāύ āĻĻ⧇āĻ–āĻž āĻĻāĻŋāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE āĻ•āĻŽāĻžāĻ¨ā§āĻĄā§‡āϰ āĻ…āύ⧁āϰ⧋āϧ āĻ•āϰāĻž āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻ¤ā§āϝāĻžāĻ–ā§āϝāĻžāύ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āϏāĻŽā§āĻ­āĻŦāϤ āĻāϟāĻŋ āĻāĻ•āϟāĻŋ āϞāĻŋāĻ•āĻĄ āĻĄā§‡āĻ¸ā§āĻ•ā§āϰāĻŋāĻĒā§āϟāϰ āĻ…āĻĨāĻŦāĻž $SOURCE āĻĻā§āĻŦāĻžāϰāĻž āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āϜāĻ¨ā§āϝ āĻ…āύ⧁āĻŽā§‹āĻĻāĻŋāϤ āύāĻž āĻšāĻ“ā§ŸāĻž āĻāĻ•āϟāĻŋ āĻĢāĻžāχāϞ⧇āϰ āĻŽāĻ§ā§āϝ⧇ āĻĢāϞāĻžāĻĢāϞ āĻ¸ā§āĻĨāĻžāĻĒāύ⧇āϰ āύāĻŋāĻ°ā§āĻĻ⧇āĻļ āĻĻ⧇āĻ“ā§ŸāĻž āĻšā§Ÿā§‡āĻ›āĻŋāϞāĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž āϏāĻžāϧāĻžāϰāĻŖāϤ āϞāĻŋāĻ• āĻŦāĻ¨ā§āϧ āĻ•āϰāĻž āĻšā§Ÿ āĻ“ āĻ¤ā§āϰ⧁āϟāĻŋāϰ āϏ⧂āϚāύāĻž āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āĻšā§ŸāĨ¤ āĻāχ āĻ•āĻžāϰāϪ⧇ āϞāĻŋāĻ• āωāĻĒ⧇āĻ•ā§āώāĻž āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ āĻĻā§āĻŦāĻžāϰāĻž āĻĄā§‡āĻ¸ā§āĻ•ā§āϰāĻŋāĻĒā§āϟāϰ āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰāĻž āĻšā§Ÿ āύāĻž āĻāĻŦāĻ‚ āĻāϰ āĻĢāϞ⧇ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύāϟāĻŋ āϏāĻ āĻŋāĻ•āĻ­āĻžāĻŦ⧇ āϚāϞāĻŦ⧇āĨ¤ āϰāĻŋ-āĻĄāĻŋāϰ⧇āĻ•āĻļāύ⧇āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ $TARGET_PATH-āĻ āĻĢāϞāĻžāĻĢāϞ āĻĒāĻžāĻ“ā§ŸāĻž āϝāĻžāĻŦ⧇ āύāĻžāĨ¤ selinux-policy āϏāĻŽā§āĻŦāĻ¨ā§āϧ⧇ āĻāĻ•āϟāĻŋ bugzilla āϤ⧈āϰāĻŋ āĻ•āϰāĻž āωāϚāĻŋāϤ āĻāĻŦāĻ‚ āϏ⧇āϟāĻŋ āĻĒā§āϰāϝ⧋āĻœā§āϝ āĻĒā§āϝāĻžāϕ⧇āĻœā§‡āϰ āϜāĻ¨ā§āϝ āύāĻŋāĻ°ā§āĻĻ⧇āĻļ āĻ•āϰāĻž āĻšāĻŦ⧇āĨ¤ āĻāχ avc-āϟāĻŋ āĻ…āĻ—ā§āϰāĻžāĻšā§āϝ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE-āϰ āĻ•āϰāĻž $TARGET_PATH āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āύ⧁āϰ⧋āϧ āĻĒā§āϰāĻ¤ā§āϝāĻžāĻ–ā§āϝāĻžāύ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āĻāĻ•āϟāĻŋ āĻĒ⧃āĻĨāĻ• āĻĒā§āϰ⧋āĻ—ā§āϰāĻžāĻŽā§‡āϰ āϏāĻžāĻĨ⧇ āĻļā§‡ā§ŸāĻžāϰ āĻ•āϰāĻžāϰ āωāĻĻā§āĻĻ⧇āĻļā§āϝ⧇ $TARGET_PATH'āϰ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āύāĻŋāĻ°ā§āϧāĻžāϰāĻŋāϤāĨ¤ āϝāĻĻāĻŋ $TARGET_PATH-āϕ⧇ $SOURCE āĻĨ⧇āϕ⧇āĻ“ āĻļā§‡ā§ŸāĻžāϰ āĻ•āϰāϤ⧇ āχāĻšā§āϛ⧁āĻ• āĻšāύ āϤāĻžāĻšāϞ⧇ āĻāϰ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ public_content_t'āĻ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāχ āĻ…āύ⧁āĻŽāϤāĻŋ āϝāĻĻāĻŋ āύāĻŋāĻ°ā§āϧāĻžāϰāĻŋāϤ āύāĻž āĻšā§Ÿā§‡ āĻĨāĻžāϕ⧇ āϤāĻžāĻšāϞ⧇ āĻāϟāĻŋ āĻ…āύ⧁āĻĒā§āϰāĻŦ⧇āĻļ⧇āϰ āϏāĻ‚āϕ⧇āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $TARGET_PATH'āĻ cvs āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ CVS āϏāĻ‚āĻ—ā§āϰāĻšāĻ¸ā§āĻĨāϞ⧇āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ cvs_data_t āĻšāĻ“ā§ŸāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ $TARGET_PATH'āϕ⧇ cvs āϏāĻ‚āĻ—ā§āϰāĻšāĻ¸ā§āĻĨāϞāϰ⧂āĻĒ⧇ āύāĻŋāĻ°ā§āϧāĻžāϰāĻŖ āύāĻž āĻ•āϰāĻž āĻšāϞ⧇ āϏāĻŽā§āĻ­āĻŦāϤ āĻāϟāĻŋ āϕ⧋āύ⧋ āĻŦāĻžāĻ— āĻ…āĻĨāĻŦāĻž āĻ…āύ⧁āĻĒā§āϰāĻŦ⧇āĻļ⧇āϰ āϏāĻ‚āϕ⧇āϤāĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž xen-āϕ⧇ $TARGET_PATH āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āĻšā§ŸāύāĻŋ XEN āχāĻŽā§‡āĻœā§‡āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āϞ⧇āĻŦ⧇āϞ xen_image_t āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽāϟāĻŋ /var/lib/xen/images āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϰ āĻ…āϧ⧀āύ āωāĻĒāĻ¸ā§āĻĨāĻŋāϤ āχāĻŽā§‡āϜ āĻĢāĻžāχāϞāϗ⧁āϞāĻŋ āϏāĻ āĻŋāĻ•āϰ⧂āĻĒ⧇, āϞ⧇āĻŦ⧇āϞ āĻ•āϰāĻžāϰ āωāĻĻā§āĻĻ⧇āĻļā§āϝ⧇ āĻĒā§āϰāĻ¸ā§āϤ⧁āϤ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇ āĻāĻŦāĻ‚ /var/lib/xen/images-āĻ āĻĢāĻžāχāϞāϗ⧁āϞāĻŋ āĻ•āĻĒāĻŋ āĻ•āϰāĻž āĻŦāĻžāĻžā§āĻ›āĻ¨ā§€ā§ŸāĨ¤ āĻāχ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϰ āĻŽāĻ§ā§āϝ⧇ xen āχāĻŽā§‡āϜ āĻĢāĻžāχāϞāϗ⧁āϞāĻŋ āĻ¸ā§āĻĨāĻžāĻĒāύ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ chcon āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ $TARGET_PATH-āϕ⧇ xen_image_t āĻĢāĻžāχāϞ/āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋ āϰ⧂āĻĒ⧇ āύāĻŋāĻ°ā§āϧāĻžāϰāĻŖ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āĻāϟāĻŋ āĻ•āϰāĻž āĻšāϞ⧇ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻĄāĻŋāĻĢāĻ˛ā§āĻŸā§‡ āύāϤ⧁āύ āĻĒāĻžāĻĨ āϝ⧋āĻ— āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH' āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰ⧁āύāĨ¤ āφāĻĒāύāĻŋ āϝāĻĻāĻŋ $TARGET_PATH-āϕ⧇ xen āχāĻŽā§‡āϜāϰ⧂āĻĒ⧇ āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āϜāĻ¨ā§āϝ āϚāĻŋāĻšā§āύāĻŋāϤ āύāĻž āĻ•āϰ⧇ āĻĨāĻžāϕ⧇āύ āϤāĻžāĻšāϞ⧇ āϏāĻŽā§āĻ­āĻŦāϤ āĻāϟāĻŋ āĻāĻ•āϟāĻŋ āĻŦāĻžāĻ— āĻ…āĻĨāĻŦāĻž āĻ…āύ⧁āĻĒā§āϰāĻŦ⧇āĻļ⧇āϰ āϏāĻ‚āϕ⧇āϤāĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE-āϕ⧇ āϏāĻ¨ā§āĻĻ⧇āĻšāϜāύāĻ• āϞ⧇āĻŦ⧇āϞ āϏāĻš āĻĢāĻžāχāϞ $TARGET_PATH āĻĒ⧜āϤ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āĻāϰ āĻĢāϞ⧇ SELinux āĻĻā§āĻŦāĻžāϰāĻž httpd-āϕ⧇ āĻāχ āϏāĻŽāĻ¸ā§āϤ āĻĢāĻžāχāϞ āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āĻšāĻŦ⧇ āύāĻžāĨ¤ httpd-āϰ āϜāĻ¨ā§āϝ āĻāχ āĻĢāĻžāχāϞāϗ⧁āϞāĻŋ āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ āύāĻŋāĻŽā§āύāϞāĻŋāĻ–āĻŋāϤ āĻāĻ•āϟāĻŋ āϧāϰāύ⧇ āĻĢāĻžāχāϞ⧇āϰ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•, %s. āĻ•āĻŋāϛ⧁ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ āĻ¸ā§āĻŦāϤāĻ¨ā§āĻ¤ā§āϰ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύāϗ⧁āϞāĻŋāϰ āĻĻā§āĻŦāĻžāϰāĻž SELinux āĻĒāϞāĻŋāϏāĻŋāϰ āĻ…āϜāĻžāύāĻž āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϰ āĻŽāĻ§ā§āϝ⧇ html āĻĢāĻžāχāϞ āĻ¸ā§āĻĨāĻžāĻĒāύ āĻ•āϰāĻž āĻšā§ŸāĨ¤ āĻāχ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϗ⧁āϞāĻŋāϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ httpd āĻĻā§āĻŦāĻžāϰāĻž āĻŦā§āϝāĻŦāĻšāĻžāϰāϝ⧋āĻ—ā§āϝ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āϏāĻšāϝ⧋āϗ⧇ āϞ⧇āĻŦ⧇āϞ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ• SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āϏāĻ¨ā§āĻĻ⧇āĻšāϜāύāĻ• āϞ⧇āĻŦ⧇āϞ āϏāĻš āĻĢāĻžāχāϞ $TARGET_PATH āϏāĻžā§āϚāĻžāϞāύ āĻ•āϰāϤ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ $TARGET_PATH āϝāĻĻāĻŋ automount āĻāĻ•ā§āϏ⧇āĻ•āĻŋāωāĻŸā§‡āĻŦāϞ āĻĢāĻžāχāϞ āĻšā§Ÿ āϤāĻžāĻšāϞ⧇ bin_t āĻĢāĻžāχāϞ āϞ⧇āĻŦ⧇āϞ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ Automounter āĻĻā§āĻŦāĻžāϰāĻž āĻ•āύāĻĢāĻŋāĻ—āĻžāϰ⧇āĻļāύ āĻĢāĻžāχāϞ āϚāĻžāϞāύāĻž āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āĻāĻ•ā§āϏ⧇āĻ•āĻŋāωāϟ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ āĻĒā§āϰāĻ¸ā§āϤ⧁āϤ āύāĻž āĻ•āϰāĻž āϕ⧋āύ⧋ āĻŦāĻ¸ā§āϤ⧁ Automounter āĻĻā§āĻŦāĻžāϰāĻž āϏāĻžā§āϚāĻžāϞāύ⧇āϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāĻž āĻšāϞ⧇ āĻāϟāĻŋ āĻ…āύ⧁āĻĒā§āϰāĻŦ⧇āĻļ⧇āϰ āϏāĻ‚āϕ⧇āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž vbetool-āϕ⧇ āĻŽā§‡āĻŽāϰāĻŋ āϏāĻ‚āĻ•ā§āϰāĻžāĻ¨ā§āϤ āĻāĻ•āϟāĻŋ āĻ…āύāĻŋāϰāĻžāĻĒāĻĻ āĻ•āĻ°ā§āĻŽ āϏāĻžā§āϚāĻžāϞāύ āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž wine-āϕ⧇ āĻŽā§‡āĻŽāϰāĻŋ āϏāĻ‚āĻ•ā§āϰāĻžāĻ¨ā§āϤ āĻāĻ•āϟāĻŋ āĻ…āύāĻŋāϰāĻžāĻĒāĻĻ āĻ•āĻ°ā§āĻŽ āϏāĻžā§āϚāĻžāϞāύ āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āĻĄāĻŋāĻ­āĻžāχāϏ $TARGET_PATH "$ACCESS" āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āĻĄāĻŋāĻ­āĻžāχāϏ $TARGET_PATH "$ACCESS" āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ $TARGET_PATH āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰāϤ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āĻāĻ•āϟāĻŋ leak āĻ•āϰāĻž $TARGET_PATH āĻĢāĻžāχāϞ āĻĄā§‡āĻ¸ā§āĻ•ā§āϰāĻŋāĻĒā§āϟāϰ āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āĻĒā§‹āĻ°ā§āϟ $PORT_NUMBER-āϰ āϏāĻžāĻĨ⧇ āĻŦāĻžāχāĻ¨ā§āĻĄ āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ heap'āϰ āĻŽāĻ§ā§āϝ⧇ āĻŽā§‡āĻŽāϰāĻŋ āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āĻĒā§‹āĻ°ā§āϟ $PORT_NUMBER'āϰ āϏāĻžāĻĨ⧇ āϏāĻ‚āϝ⧋āĻ— āĻ•āϰāϤ⧇ āĻŦāĻžāϧāĻž āĻĻ⧇āĻ“ā§ŸāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCEPATH-āϕ⧇ āĻĢāĻžāχāϞ-āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ $SOURCE_TYPE āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āϏāĻš āĻāĻ•āϟāĻŋ āĻĢāĻžāχāϞ āύāĻŋāĻ°ā§āĻŽāĻžāĻŖ āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ $TARGET_PATH āϞ⧋āĻĄ āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇, āĻāχ āĻ•āĻžāĻœā§‡ āĻŸā§‡āĻ•ā§āϏāϟ āĻ¸ā§āĻĨāĻžāύāĻžāĻ¨ā§āϤāϰ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āĻĒā§āϰ⧋āĻ—ā§āϰāĻžāĻŽ āĻ¸ā§āĻŸā§āϝāĻžāĻ• āϏāĻžā§āϚāĻžāϞāύāϝ⧋āĻ—ā§āϝ (āĻāĻ•ā§āϏ⧇āĻ•āĻŋāωāĻŸā§‡āĻŦāϞ) āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž Samba-āϕ⧇ ($SOURCE_TYPE) āĻĄāĻŋāĻ­āĻžāχāϏ $TARGET_PATH "$ACCESS" āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž cvs ($SOURCE_TYPE)-āϕ⧇ āĻĄāĻŋāĻ­āĻžāχāϏ $TARGET_PATH "$ACCESS" āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ āϏāĻ¨ā§āĻĻ⧇āĻšāϜāύāĻ• āϞ⧇āĻŦ⧇āϞ āϏāĻš āĻĢāĻžāχāϞ ($TARGET_PATH) āĻĒ⧜āϤ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž http āĻĄā§‡āĻŽāύāϕ⧇ āĻŽā§‡āχāϞ āĻĒāĻžāĻ āĻžāϤ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž xen-āϕ⧇ ($SOURCE_PATH) $TARGET_PATH "$ACCESS" āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āύāĻŋ⧟āĻŽāύ⧀āϤāĻŋāϰ āϜāĻ¨ā§āϝ httpd āĻ¸ā§āĻ•ā§āϰāĻŋāĻĒā§āϟāϕ⧇ āϏāĻžāĻ°ā§āĻŦāϜāύ⧀āύ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϰ āĻŽāĻ§ā§āϝ⧇ āϞāĻŋāĻ–āϤ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āύāĻŋ⧟āĻŽāύ⧀āϤāĻŋāϰ āϜāĻ¨ā§āϝ httpd āĻ¸ā§āĻ•ā§āϰāĻŋāĻĒā§āϟ āϏāĻžāĻ°ā§āĻŦāϜāύ⧀āύ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāĻŋāϰ āĻŽāĻ§ā§āϝ⧇ āϞāĻŋāĻ–āϤ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ āĻ…ā§āϝāĻžāύ⧋āύāĻŋāĻŽāĻžāϏ āϞāĻŋāĻ–āύ⧇āϰ āωāĻĻā§āĻĻ⧇āĻļā§āϝ⧇ http āύāĻŋāĻ°ā§āϧāĻžāϰāĻŖ āύāĻž āĻ•āϰāĻž āĻšāϞ⧇, āĻāϟāĻŋ āϏāĻŽā§āĻ­āĻžāĻŦā§āϝ āĻ…āύ⧁āĻĒā§āϰāĻŦ⧇āĻļ⧇āϰ āϏāĻ‚āϕ⧇āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE-'āϕ⧇ āĻĢāĻžāχāϞ āĻ…āĻĨāĻŦāĻž āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϤ⧇ āĻŽāĻžāωāĻ¨ā§āϟ āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇ "$TARGET_PATH" (type "$TARGET_TYPE")āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž httpd-āϕ⧇ http āĻĢāĻžāχāϞ $ACCESS āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇ āĻŦāĻžāϧāĻž āϏ⧃āĻˇā§āϟāĻŋ āĻ•āϰāĻž āĻšāĻšā§āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž ftp āĻĄā§‡āĻŽāύāϕ⧇ CIFS āĻĢāĻžāχāϞ-āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āϏāĻ‚āϰāĻ•ā§āώāĻŋāϤ āĻĢāĻžāχāϞ $ACCESS āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšāϝāĻŧ⧇āϛ⧇āĨ¤ SELinux āĻĻā§āĻŦāĻžāϰāĻž ftp āĻĄā§‡āĻŽāύāϕ⧇ NFS āĻĢāĻžāχāϞ-āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āϏāĻ‚āϰāĻ•ā§āώāĻŋāϤ āĻĢāĻžāχāϞ $ACCESS āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšāϝāĻŧ⧇āϛ⧇āĨ¤ $SOURCE āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ⧇āϰ āĻĻā§āĻŦāĻžāϰāĻž heap-āϰ āωāĻĒāϰ āĻŦā§āϝāĻŦāĻšāĻžāϰāĻžāϧāĻŋāĻ•āĻžāϰ⧇āϰ āϏ⧀āĻŽāĻžāϰ⧇āĻ–āĻž (āωāĻĻāĻžāĻšāϰāĻŖ, malloc āĻĻā§āĻŦāĻžāϰāĻž āφāϰāĻ•ā§āώāĻŋāϤ) āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ⧇āϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āĻāϟāĻŋ āĻāĻ•āϟāĻŋ āϏāĻŽā§āĻ­āĻžāĻŦā§āϝ āϏ⧁āϰāĻ•ā§āώāĻž āϜ⧜āĻŋāϤ āφāĻļāĻ™ā§āĻ•āĻžāĨ¤ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύāϗ⧁āϞāĻŋāϰ āĻĻā§āĻŦāĻžāϰāĻž āĻāχ āĻ•āĻžāĻ°ā§āϝ āĻ•āϰāĻž āωāϚāĻŋāϤ āύ⧟āĨ¤ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ⧇āϰ āĻŽāĻ§ā§āϝ⧇ āωāĻĒāĻ¸ā§āĻĨāĻŋāϤ āĻ¤ā§āϰ⧁āϟāĻŋāĻĒā§‚āĻ°ā§āĻŖ āϕ⧋āĻĄā§‡āϰ āĻĢāϞ⧇ āĻāχ āĻ…āύ⧁āϰ⧋āϧ āĻ•āϰāĻž āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤ SELinux Memory Protection Tests āĻ“ā§Ÿā§‡āĻŦ āĻĒ⧇āϜ'āĻ āĻāχ āφāĻŦāĻļā§āϝāĻ•āϤāĻž āĻŽā§āϛ⧇ āĻĢ⧇āϞāĻžāϰ āύāĻŋāĻ°ā§āĻĻ⧇āĻļ āϞ⧇āĻ–āĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ $SOURCE-āϰ āϏāĻ āĻŋāĻ• āĻ•āĻ°ā§āĻŽ āϏāĻžā§āϚāĻžāϞāύ āĻĒā§āĻ°ā§Ÿā§‹āϜāύ āĻšāϞ⧇ SELinux āĻ•āύāĻĢāĻŋāĻ—āĻžāϰ āĻ•āϰ⧇ āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ⧇āϰ āĻ¤ā§āϰ⧁āϟāĻŋ āϏāĻ‚āĻļā§‹āϧāύ āύāĻž āĻ•āϰāĻž āĻ…āĻŦāϧāĻŋ āĻ…āĻ¸ā§āĻĨāĻžā§Ÿā§€ āϰ⧂āĻĒ⧇ āĻŦā§āϝāĻŦāĻšāĻžāϰāĻžāϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰ⧁āύāĨ¤ āĻ…āύ⧁āĻ—ā§āϰāĻš āĻ•āϰ⧇ āĻāχ āĻĒā§āϝāĻžāϕ⧇āĻœā§‡āϰ āϜāĻ¨ā§āϝ āĻŦāĻžāĻ— āϰāĻŋāĻĒā§‹āĻ°ā§āϟ āĻĻāĻžā§Ÿā§‡āϰ āĻ•āϰ⧁āύāĨ¤ SELinux āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻŦā§āϝāϤ⧀āϤ āĻ…āĻ¨ā§āϝāĻžāĻ¨ā§āϝ āϏāĻ•āϞ āĻ…āύ⧁āĻŽāϤāĻŋ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āϰāĻžāĻ–āϤ⧇ "cp -P" āϧāϰāύ⧇āϰ āϕ⧋āύ⧋ āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧁āύāĨ¤ chcon -R -t rsync_data_t '$TARGET_PATH' āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĢāĻžāχāϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t rsync_data_t '$FIX_TARGET_PATH'" chcon -R -t samba_share_t '$TARGET_PATH' āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĢāĻžāχāϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH'" chcon -t public_content_t '$TARGET_PATH' āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĢāĻžāχāϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t public_content_t '$FIX_TARGET_PATH'" chcon -t swapfile_t '$TARGET_PATH' āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĢāĻžāχāϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t swapfile_t '$FIX_TARGET_PATH'" chcon -t virt_image_t '$TARGET_PATH' āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĢāĻžāχāϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH'" chcon -t xen_image_t '$TARGET_PATH' āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰ⧇ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āĻĢāĻžāχāϞ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĢāĻžāχāϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϰ āĻĢāϞ⧇ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āϰāĻŋ-āϞ⧇āĻŦāϞ (relabel) āĻ•āϰāĻž āĻšāϞ⧇āĻ“ āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āĻĨāĻžāĻ•āĻŦ⧇āĨ¤ "semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH'" āφāĻĒāύāĻžāϰ āĻ•āĻŽā§āĻĒāĻŋāωāϟāĻžāϰ⧇āϰ āĻĢāĻžāχāϞ-āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻĒ⧁āύāϰāĻžā§Ÿ āϞ⧇āĻŦ⧇āϞ āĻ•āϰāϤ⧇ root āĻĒāϰāĻŋāĻšā§Ÿā§‡ āωāĻ˛ā§āϞāĻŋāĻ–āĻŋāϤ āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧁āύ: "touch /.autorelabel; reboot" āĻāχ āĻŦā§āϝāĻŦāĻšāĻžāϰāĻžāϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻĻāĻžāύ⧇āϰ āϜāĻ¨ā§āϝ āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āĻĒāϞāĻŋāϏāĻŋ āĻŽāĻĄāĻŋāωāϞ āύāĻŋāĻ°ā§āĻŽāĻžāĻŖ āĻ•āϰāĻž āϝāĻžāĻŦ⧇ - FAQ āĻĒ⧜⧁āύ āĻ…āύ⧁āĻ—ā§āϰāĻš āĻ•āϰ⧇ āĻāĻ•āϟāĻŋ āĻŦāĻžāĻ— āϰāĻŋāĻĒā§‹āĻ°ā§āϟ āĻĻāĻžā§Ÿā§‡āϰ āĻ•āϰ⧁āύāĨ¤ āĻāχ āĻŦā§āϝāĻŦāĻšāĻžāϰāĻžāϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻĻāĻžāύ⧇āϰ āϜāĻ¨ā§āϝ āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āĻĒāϞāĻŋāϏāĻŋ āĻŽāĻĄāĻŋāωāϞ āύāĻŋāĻ°ā§āĻŽāĻžāĻŖ āĻ•āϰāĻž āϝāĻžāĻŦ⧇ - FAQ āĻĒ⧜⧁āύ restorecon āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ āĻĄāĻŋāĻĢāĻ˛ā§āϟ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻ•āύāĻŸā§‡āĻ•ā§āϏ āĻĒ⧁āύāϰ⧁āĻĻā§āϧāĻžāϰ āĻ•āϰāĻž āϝāĻžāĻŦ⧇: restorecon '$TARGET_PATH'āĨ¤ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ restorecon -R '$TARGET_PATH' āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧇ āϰāĻŋāĻ•āĻžāĻ°ā§āϏāĻŋāĻ­ āϰ⧂āĻĒ⧇ āĻĒ⧁āύāϰ⧁āĻĻā§āϧāĻžāϰ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤ āφāĻĒāύāĻžāϰ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āϗ⧁āϰ⧁āϤāϰāĻ­āĻžāĻŦ⧇ āĻŦāĻŋāĻĒāĻĻāĻ—ā§āϰāĻ¸ā§āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇! āφāĻĒāύāĻžāϰ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āϗ⧁āϰ⧁āϤāϰāĻ­āĻžāĻŦ⧇ āĻŦāĻŋāĻĒāĻĻāĻ—ā§āϰāĻ¸ā§āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇! $SOURCE_PATH āĻĻā§āĻŦāĻžāϰāĻž low āĻ•āĻžāĻ°ā§āύ⧇āϞ āĻŽā§‡āĻŽāϰāĻŋ mmap āĻ•āϰāĻžāϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āφāĻĒāύāĻžāϰ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āϗ⧁āϰ⧁āϤāϰāĻ­āĻžāĻŦ⧇ āĻŦāĻŋāĻĒāĻĻāĻ—ā§āϰāĻ¸ā§āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇! $SOURCE_PATH āĻĻā§āĻŦāĻžāϰāĻž āĻāĻ•āϟāĻŋ āĻ•āĻžāĻ°ā§āύ⧇āϞ āĻŽāĻĄāĻŋāωāϞ āϞ⧋āĻĄ āĻ•āϰāĻžāϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āφāĻĒāύāĻžāϰ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āϗ⧁āϰ⧁āϤāϰāĻ­āĻžāĻŦ⧇ āĻŦāĻŋāĻĒāĻĻāĻ—ā§āϰāĻ¸ā§āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇! $SOURCE_PATH āĻĻā§āĻŦāĻžāϰāĻž SELinux āĻŦāĻžāĻ¸ā§āϤāĻŦāĻžā§Ÿāύ⧇āϰ āĻ…āĻŦāĻ¸ā§āĻĨāĻž āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ⧇āϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āφāĻĒāύāĻžāϰ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āϗ⧁āϰ⧁āϤāϰāĻ­āĻžāĻŦ⧇ āĻŦāĻŋāĻĒāĻĻāĻ—ā§āϰāĻ¸ā§āϤ āĻšāϤ⧇ āĻĒāĻžāϰ⧇! $SOURCE_PATH āĻĻā§āĻŦāĻžāϰāĻž āĻ•āĻžāĻ°ā§āύ⧇āϞ⧇āϰ āĻ•āύāĻĢāĻŋāĻ—āĻžāϰ⧇āĻļāύ⧇āϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤ āϏāĻ āĻŋāĻ•āĻ­āĻžāĻŦ⧇ IPV6 āύāĻŋāĻˇā§āĻ•ā§āϰāĻŋāϝāĻŧ āĻ•āϰ⧁āύāĨ¤ 'yum remove mozplugger' āϏāĻšāϝ⧋āϗ⧇ mozplluger āĻĒā§āϝāĻžāϕ⧇āϜāϟāĻŋ āϏāϰāĻŋā§Ÿā§‡ āĻĢ⧇āϞ⧁āύ āĻ…āĻĨāĻŦāĻž Firefox āĻĒā§āϞāĻžāĻ—-āχāύ⧇āϰ āϜāĻ¨ā§āϝ SELinux-āϰ āϏāĻ•ā§āϰāĻŋ⧟ āĻŽā§‹āĻĄ (enforcement) āĻŦāĻ¨ā§āϧ āĻ•āϰ⧁āύāĨ¤ setsebool -P unconfined_mozilla_plugin_transition 0 āϏāĻ‚āĻļā§āϞāĻŋāĻˇā§āϟ āĻĒā§āϰ⧋āĻ—ā§āϰāĻžāĻŽāϟāĻŋāϰ āϏāĻžā§āϚāĻžāϞāύāĻž āϚāĻžāϞāĻŋā§Ÿā§‡ āϝ⧇āϤ⧇ āχāĻšā§āϛ⧁āĻ• āĻšāϞ⧇, āĻāχ āĻ•āĻ°ā§āĻŽā§‡āϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻ•āĻŽāĻžāĻ¨ā§āĻĄ-āϞāĻžāχāύ⧇ āύāĻŋāĻŽā§āύāϞāĻŋāĻ–āĻŋāϤ āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āϏāĻšāϝ⧋āϗ⧇ āĻāχ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āϏāĻŽā§āĻ­āĻŦ āĻšāĻŦ⧇: # setsebool -P mmap_low_allowed 1 %s-āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ file type āĻ­āĻŋāĻ¨ā§āύ āĻ…āĻ¨ā§āϝ āϕ⧋āύ⧋ type āύāĻŋāĻ°ā§āϧāĻžāϰāϪ⧇āϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāĻž āĻšā§Ÿā§‡āĻ›āĻŋāϞāĨ¤ āĻāϟāĻŋ āĻ…āύ⧁āĻŽā§‹āĻĻāĻŋāϤ āύ⧟ āĻ“ āĻāĻ•āϟāĻŋ file type āϧāĻžāĻ°ā§āϝ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ seinfo āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āϏāĻšāϝ⧋āϗ⧇ āϏāĻ°ā§āĻŦāϧāϰāύ⧇āϰ file type-āϰ āϤāĻžāϞāĻŋāĻ•āĻž āϜāĻžāύāĻž āϝāĻžāĻŦ⧇āĨ¤ seinfo -afile_type -x "$BOOLEAN" āĻ“ "$WRITE_BOOLEAN" āĻŦ⧁āϞāĻŋ⧟āĻžāύ⧇āϰ āĻŽāĻžāύ true (āϏāĻ¤ā§āϝ) āĻšāϞ⧇ āĻŦā§āϝāĻŦāĻšāĻžāϰāĻžāϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻžāĻĒā§āϤ āĻšāĻŦ⧇: "setsebool -P $BOOLEAN=1 $WRITE_BOOLEAN=1". āϏāϤāĻ°ā§āĻ•āĻŦāĻžāĻŖā§€: "$WRITE_BOOLEAN" āĻŦ⧁āϞāĻŋ⧟āĻžāύ⧇āϰ āĻŽāĻžāύ true āĻšāϞ⧇ ftp āĻĄā§‡āĻŽāύāϕ⧇ CIFS āĻĢāĻžāχāϞ-āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āϏāĻŽāĻ¸ā§āϤ āĻĢāĻžāχāϞ āĻ“ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϤ⧇ āϞ⧇āĻ–āĻžāϰ āĻ…āύ⧁āĻŽāϤāĻŋāϰ āĻĒāĻžāĻļāĻžāĻĒāĻžāĻļāĻŋ āϏāĻŽāĻ¸ā§āϤ āϏāĻžāĻŦāĻ°ā§āϜāύ⧀āύ āĻŦāĻŋāώ⧟āĻŦāĻ¸ā§āϤ⧁āϤ⧇ (public_content_t āĻĒā§āϰāĻ•ā§ƒāϤāĻŋāϰ āĻĢāĻžāχāϞ āĻ“ āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋ) āϞ⧇āĻ–āĻžāϰ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻž āĻšāĻŦ⧇āĨ¤# semanage fcontext -a -t SIMILAR_TYPE '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH%s' # restorecon %s -v '$FIX_TARGET_PATH'# semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'#semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER
PORT_TYPE-āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ āύāĻŋāĻŽā§āύāϞāĻŋāĻ–āĻŋāϤ āϝ⧇ āϕ⧋āύ⧋ āĻāĻ•āϟāĻŋ āĻŽāĻžāύ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰāĻž āĻšāĻŦ⧇: %s. āĻāĻ•āϟāĻŋ āĻĒā§āϰāϏ⧇āϏ āϏāĻŽā§āĻ­āĻŦāϤ āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡ āĻšā§āϝāĻžāĻ• āĻ•āϰāĻžāϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻž āĻ•āϰāϛ⧇āĨ¤/etc/sysctl.conf-āϰ āĻŽāĻ§ā§āϝ⧇ net.ipv6.conf.all.disable_ipv6 = 1 āϝ⧋āĻ— āĻ•āϰ⧁āύ āύāĻŋāϰāĻžāĻĒāĻ¤ā§āϤāĻž āϏāĻ‚āĻ•ā§āϰāĻžāĻ¨ā§āϤ āĻ…ā§āϝāĻžāĻĄāĻŽāĻŋāύāĻŋāĻ¸ā§āĻŸā§āϰ⧇āϟāϰ⧇āϰ āϏāĻžāĻĨ⧇ āϝ⧋āĻ—āĻžāϝ⧋āĻ— āĻ•āϰ⧇ āĻāχ āϏāĻŽāĻ¸ā§āϝāĻž āϏāĻŽā§āĻĒāĻ°ā§āϕ⧇ āϜāĻžāύāĻžāύāĨ¤āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒ⧁āύāϰ⧁āĻĻā§āϧāĻžāϰ āĻ•āϰ⧁āύāĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻĒ⧁āύāϰ⧁āĻĻā§āϧāĻžāϰ āĻ•āϰ⧁āύSELinux āĻĻā§āĻŦāĻžāϰāĻž $SOURCE_PATH-āϕ⧇ "$ACCESS" āĻ•āϰāϤ⧇ āĻĒā§āϰāϤāĻŋāϰ⧋āϧ āĻ•āϰāĻž āĻšā§Ÿā§‡āϛ⧇āĨ¤āĻŽā§‡āĻŽāϰāĻŋāϰ āύāĻŋāϰāĻžāĻĒāĻ¤ā§āϤāĻž āĻŦā§āϝāĻŦāĻ¸ā§āĻĨāĻž āĻŦāĻ¨ā§āϧ āĻ•āϰ⧁āύāĻ…āϧāĻŋāĻ• āĻŦāĻŋāĻŦāϰāϪ⧇āϰ āϜāĻ¨ā§āϝ '%s' man āĻĒ⧃āĻˇā§āĻ āĻž āĻĒ⧜āϤ⧇ āĻĒāĻžāϰ⧇āύāĨ¤āφāĻĒāύāĻŋ āĻšā§āϝāĻžāĻ•āĻŋāĻ‚ā§Ÿā§‡āϰ āĻļāĻŋāĻ•āĻžāϰ āĻšā§Ÿā§‡ āĻĨāĻžāĻ•āϤ⧇ āĻĒāĻžāϰ⧇āύāĨ¤$FIX_TARGET_PATH-āϰ āϞ⧇āĻŦ⧇āϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•$TARGET_BASE_PATH-āϰ āϞ⧇āĻŦ⧇āϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•$TARGET_BASE_PATH-āϰ āϞ⧇āĻŦ⧇āϞ public_content_t āĻ…āĻĨāĻŦāĻž public_content_rw_t āϰ⧂āĻĒ⧇ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤$TARGET_BASE_PATH'-āϰ āϞ⧇āĻŦ⧇āϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•$TARGET_PATH-āϰ āϞ⧇āĻŦ⧇āϞāϟāĻŋ āϏāĻŽāϤ⧂āĻ˛ā§āϝ āĻĒā§āϰāĻ•ā§ƒāϤāĻŋāϰ āĻĄāĻŋāĻ­āĻžāχāϏ⧇ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤'$FIX_TARGET_PATH'-āϰ āϞ⧇āĻŦ⧇āϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĻāϟāĻŋ āĻŦāĻžāĻ— āĻšāĻŋāϏāĻžāĻŦ⧇ āĻĻāĻžā§Ÿā§‡āϰ āĻ•āϰāĻž āωāϚāĻŋāϤāĨ¤ āĻāχ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āύāĻŋ⧟āĻŽāύ⧀āϤāĻŋāϰ āĻŽāĻĄāĻŋāωāϞ āĻĒā§āϰāĻ¸ā§āϤ⧁āϤ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤āĻŦāĻžāĻ— āϰ⧂āĻĒ⧇ āĻāϟāĻŋ āĻĻāĻžā§Ÿā§‡āϰ āĻ•āϰ⧁āύāĨ¤ āĻāχ āĻ…āϧāĻŋāĻ•āĻžāϰ dontaudit āϰ⧂āĻĒ⧇ āϚāĻŋāĻšā§āύāĻŋāϤ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ āĻāĻ•āϟāĻŋ āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āĻĒāϞāĻŋāϏāĻŋ āĻŽāĻĄāĻŋāωāϞ āĻĒā§āϰāĻ¸ā§āϤ⧁āϤ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤execstack -c %sāϝāĻĻāĻŋ āĻšā§āϝāĻžāĻ•āĻŋāĻ‚ā§Ÿā§‡āϰ āϏāĻŽā§āĻ­āĻžāĻŦāύāĻž āĻĻ⧇āĻ–āĻž āĻĻā§‡ā§Ÿsetsebool -P %s %sāĻ¤ā§āϰ⧁āϟāĻŋāĻĒā§‚āĻ°ā§āĻŖ āĻĢāĻžāχāϞ⧇āϰ āĻĒāĻžāĻĨ āĻĒā§āϰāĻžāĻĒā§āϤ āĻ•āϰ⧇ āĻ“ āĻĒ⧁āύāϰāĻžāϝāĻŧ āĻ¤ā§āϰ⧁āϟāĻŋ āĻ‰ā§ŽāĻĒāĻ¨ā§āύ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖ āĻ…āĻĄāĻŋāϟāĻŋāĻ‚ āĻŦā§āϝāĻŦāĻ¸ā§āĻĨāĻž āϏāĻ•ā§āϰāĻŋāϝāĻŧ āĻ•āϰ⧁āύāĨ¤SELinux āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āĻŦā§āϝāϤ⧀āϤ āĻ…āĻ¨ā§āϝāĻžāĻ¨ā§āϝ āϏāĻ•āϞ āĻ…āύ⧁āĻŽāϤāĻŋ āĻ…āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāĻŋāϤ āϰāĻžāĻ–āϤ⧇ "cp -P" āϧāϰāύ⧇āϰ āϕ⧋āύ⧋ āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰ⧁āύāĨ¤restorecon āϏāĻžā§āϚāĻžāϞāύ āĻ•āϰāĻž āϝāĻžāĻŦ⧇āĨ¤āĻ•āύāĻĢāĻžāχāύ āĻ•āϰāĻž āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ āĻĻā§āĻŦāĻžāϰāĻž āĻāχ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒā§āĻ°ā§Ÿā§‹āϜāύ āĻšāĻŦ⧇ āύāĻžāĨ¤ āϏāĻŽā§āĻ­āĻŦāϤ āφāĻĒāύāĻŋ āĻšā§āϝāĻžāĻ•āĻŋāĻ‚ āφāĻ•ā§āϰāĻŽāϪ⧇āϰ āĻļāĻŋāĻ•āĻžāϰ āĻšā§Ÿā§‡āϛ⧇āύāĨ¤āĻ•āύāĻĢāĻžāχāύ āĻ•āϰāĻž āĻ…ā§āϝāĻžāĻĒā§āϞāĻŋāϕ⧇āĻļāύ āĻĻā§āĻŦāĻžāϰāĻž āĻāχ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻĒā§āĻ°ā§Ÿā§‹āϜāύ āĻšāĻŦ⧇ āύāĻžāĨ¤ āϏāĻŽā§āĻ­āĻŦāϤ āφāĻĒāύāĻŋ āĻšā§āϝāĻžāĻ•āĻŋāĻ‚ āφāĻ•ā§āϰāĻŽāϪ⧇āϰ āĻļāĻŋāĻ•āĻžāϰ āĻšā§Ÿā§‡āϛ⧇āύāĨ¤āĻāχ āĻ…āϧāĻŋāĻ•āĻžāϰ āĻ…āĻ¤ā§āϝāĻ¨ā§āϤ āĻŦāĻŋāĻĒāĻœā§āϜāύāĻ• āĻāĻŦāĻ‚ āϏāĻŽā§āĻ­āĻŦ āφāĻĒāύāĻŋ āϕ⧋āύ⧋ āĻšā§āϝāĻžāĻ•āĻŋāĻ‚ āφāĻ•ā§āϰāĻŽāϪ⧇āϰ āĻļāĻŋāĻ•āĻžāϰ āĻšā§Ÿā§‡āϛ⧇āύāĨ¤$TARGET_PATH-āϰ āϞ⧇āĻŦ⧇āϞ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤āϞ⧇āĻŦ⧇āϞāϗ⧁āϞāĻŋ āϏāĻ‚āĻļā§‹āϧāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤cert āĻĢāĻžāχāϞāϟāĻŋ ~/.cert āĻĄāĻŋāϰ⧇āĻ•ā§āϟāϰāĻŋāϰ āĻŽāĻ§ā§āϝ⧇ āĻ¸ā§āĻĨāĻžāύāĻžāĻ¨ā§āϤāϰ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĻāĻ•āϟāĻŋ āĻŦ⧈āϧ file āϞ⧇āĻŦ⧇āϞ āύāĻŋāĻ°ā§āĻŦāĻžāϚāύ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤mozplugger āĻĒā§āϝāĻžāϕ⧇āϜ āϏāϰāĻŋā§Ÿā§‡ āĻĢ⧇āϞāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤āĻāχ āĻ…āύ⧁āĻŽāϤāĻŋ āĻĒā§āϰāĻĻāĻžāύ āĻ•āϰāĻžāϰ āϜāĻ¨ā§āϝ SELinux āĻĒā§āϰāĻ¸ā§āϤ⧁āϤ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•SELinux-āϕ⧇ āĻāχ āϏāĻŽā§āĻĒāĻ°ā§āϕ⧇ āϏ⧂āϚāĻŋāϤ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•'httpd_unified' āĻ“ 'http_enable_cgi' āĻŦ⧁āϞāĻŋ⧟āĻžāύāϗ⧁āϞāĻŋ āϏāĻ•ā§āϰāĻŋ⧟ āĻ•āϰ⧇ SELinux-āϕ⧇ āĻāχ āϏāĻŽā§āĻĒāĻ°ā§āϕ⧇ āϏ⧂āϚāĻŋāϤ āĻ•āϰ⧁āύvbetool_mmap_zero_ignore āĻŦ⧁āϞāĻŋ⧟āĻžāύ āϏāĻ•ā§āϰāĻŋ⧟ āĻ•āϰ⧇ SELinux-āϕ⧇ āĻāχ āϏāĻŽā§āĻĒāĻ°ā§āϕ⧇ āϏ⧂āϚāĻŋāϤ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤wine_mmap_zero_ignore āĻŦ⧁āϞāĻŋ⧟āĻžāύāϟāĻŋ āϏāĻ•ā§āϰāĻŋ⧟ āĻ•āϰ⧇ SELinux-āϕ⧇ āĻāχ āϏāĻŽā§āĻĒāĻ°ā§āϕ⧇ āϏ⧂āϚāĻŋāϤ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤Firefox āĻĒā§āϞāĻžāĻ—-āχāύ⧇āϰ āĻ•ā§āώ⧇āĻ¤ā§āϰ⧇ SELinux āύāĻŋ⧟āĻ¨ā§āĻ¤ā§āϰāĻŖ āĻŦāĻ¨ā§āϧ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤āĻāϟāĻŋāϰ āϜāĻ¨ā§āϝ āϞ⧇āĻŦ⧇āϞ āĻĒā§āĻ°ā§Ÿā§‹āĻ— āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤$TARGET_PATH-āϰ āϞ⧇āĻŦ⧇āϞ public_content_rw_t-āĻ āĻĒāϰāĻŋāĻŦāĻ°ā§āϤāύ āĻ•āϰ⧇ allow_httpd_sys_script_anon_write āĻŦ⧁āϞāĻŋ⧟āĻžāύ⧇āϰ āĻŽāĻžāύ āϏāĻŽā§āĻ­āĻŦāϤ āϚāĻžāϞ⧁ āĻ•āϰāĻž āĻĒā§āĻ°ā§Ÿā§‹āϜāύāĨ¤āĻĒ⧁āύāϰāĻžā§Ÿ āϏāĻŽā§āĻĒā§‚āĻ°ā§āĻŖāϰ⧂āĻĒ⧇ āϞ⧇āĻŦ⧇āϞ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤āĻāĻ•āϟāĻŋ āĻŦāĻžāĻ— āĻĻāĻžāϝāĻŧ⧇āϰ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāϟāĻŋ āϏāĻŽā§āĻ­āĻŦāϤ āĻŦāĻŋāĻĒāĻœā§āϜāύāĻ•āĻ­āĻžāĻŦ⧇ āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻĒā§āϰāĻšā§‡āĻˇā§āϟāĻžāĨ¤āĻŦāĻžāĻ— āϏāĻŽā§āĻĒāĻ°ā§āϕ⧇ āϏ⧂āϚāĻŋāϤ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āĻāχ āϧāϰāύ⧇āϰ āĻŦā§āϝāĻŦāĻšāĻžāϰ⧇āϰ āĻ…āϧāĻŋāĻ•āĻžāϰ⧇āϰ āĻĢāϞ⧇ āĻŦāĻŋāĻĒāĻĻ āĻĻ⧇āĻ–āĻž āĻĻāĻŋāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤/proc/sys/net/ipv6/conf/all/disable_ipv6-āϰ āĻŽāĻžāύ 1 āĻšāĻŋāϏāĻžāĻŦ⧇ āύāĻŋāĻ°ā§āϧāĻžāϰāĻŖ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ• āĻ“ āĻāχ āĻŽāĻĄāĻŋ⧁āϞāϟāĻŋ āĻŦā§āĻ˛ā§āϝāĻžāĻ•-āϞāĻŋāĻ¸ā§āϟ āĻ•āϰāĻŦ⧇āύ āύāĻž'āĻ­āĻŋāĻ¨ā§āύ āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰāĻž āφāĻŦāĻļā§āϝāĻ•āĨ¤ āωāĻĻā§āĻĻāĻŋāĻˇā§āϟ āĻĢāĻžāχāϞ-āϏāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§‡āϰ āĻŽāĻ§ā§āϝ⧇ SELinux āĻ•āύāĻŸā§‡āĻ•ā§āϏāϟ āϏāĻ‚āϰāĻ•ā§āώāĻŖ āĻ•āϰāĻžāϰ āĻ…āύ⧁āĻŽāϤāĻŋ āύ⧇āχāĨ¤execstack āĻĢā§āĻ˛ā§āϝāĻžāĻ— āĻŽā§āϛ⧇ āĻŽā§āϛ⧇ āϝāĻžāϚāĻžāχ āĻ•āϰ⧁āύ $SOURCE_PATH āϏāĻ āĻŋāĻ•āĻ­āĻžāĻŦ⧇ āϚāϞāϛ⧇ āĻ•āĻŋ āύāĻžāĨ¤ %s-āĻ āĻāϟāĻŋ āĻŦāĻžāĻ— āĻšāĻŋāϏāĻžāĻŦ⧇ āĻĻāĻžāĻ–āĻŋāϞ āĻ•āϰ⧁āύāĨ¤ āύāĻŋāĻŽā§āύāϞāĻŋāĻ–āĻŋāϤ āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āϏāĻšāϝ⧋āϗ⧇ exestack āĻĢā§āĻ˛ā§āϝāĻžāĻ— āĻŽā§āϛ⧇ āĻĢ⧇āϞāĻž āϝāĻžāĻŦ⧇: