typos
This commit is contained in:
2
_toc.yml
2
_toc.yml
@@ -39,7 +39,7 @@ chapters:
|
||||
sections:
|
||||
- file: admin-guide/configuration/icinga2
|
||||
- file: admin-guide/configuration/packages
|
||||
- file: admon-guide/configuration/python
|
||||
- file: admin-guide/configuration/python
|
||||
- file: admin-guide/configuration/package_updates
|
||||
- file: admin-guide/configuration/package_repositories
|
||||
- file: admin-guide/configuration/services
|
||||
|
||||
@@ -13,7 +13,7 @@ Enable or disable SELinux with `base::selinux`. Options:
|
||||
|
||||
Example:
|
||||
|
||||
```yml
|
||||
```yaml
|
||||
base::selinux_mode: 'disabled'
|
||||
```
|
||||
|
||||
@@ -25,13 +25,13 @@ The `permissive` option is useful for setting up a new server to see where SELin
|
||||
|
||||
To record such violations `auditd` needs to run:
|
||||
|
||||
```yml
|
||||
```yaml
|
||||
base::enable_auditd: true
|
||||
```
|
||||
On RHEL9 and later this is enabled by default if SELinux is `permissive` or `enforcing`.
|
||||
|
||||
Then `setroubleshootd` is very helpful to learn how to configure SELinux if an action is wrongly considered a violation:
|
||||
```yml
|
||||
```yaml
|
||||
selinux::setroubleshootd: true
|
||||
```
|
||||
On RHEL9 and later this is enabled by default if SELinux is `permissive` or `enforcing`.
|
||||
@@ -54,7 +54,7 @@ selinux::booleans: [ 'httpd_can_network_connect', 'domain_can_mmap_files']
|
||||
### File Context (`fcontext`)
|
||||
|
||||
Set fcontext for specific directories/directory
|
||||
```yml
|
||||
```yaml
|
||||
selinux::fcontext:
|
||||
logbook-data:
|
||||
pathspec: '/var/www/html/logbook-data(/.*)?'
|
||||
@@ -68,7 +68,7 @@ a unique arbitrary key name for each entry is needed.
|
||||
|
||||
If you wish to have the same fcontext configuation as another path do
|
||||
|
||||
```yml
|
||||
```yaml
|
||||
selinux::fcontext::equivalence:
|
||||
apache_ssl_conf:
|
||||
path: '/srv/online/config/ssl.conf'
|
||||
@@ -98,7 +98,7 @@ Note that the `setroubleshootd` log output ususally gives you a narrower search
|
||||
|
||||
Each such module needs to be added with a unique key at the Hiera key `selinux::modules::te`. A full example is
|
||||
|
||||
```yml
|
||||
```yaml
|
||||
selinux::modules::te:
|
||||
# SELinux is preventing /usr/local/bin/musrview from setattr access on the directory /usr/lib/fontconfig/cache
|
||||
'musrview-font-cache': |
|
||||
|
||||
Reference in New Issue
Block a user