The “perp” seems to be a missing SELinux context.
SELinux vs AppArmor
https://security.stackexchange.com/questions/29378/comparison-between-apparmor-and-selinux
hostnamectl; # tested on
CentOS Linux 7 (Core)
Kernel: Linux 3.10.0-1062.12.1.el7.x86_64
# with latest updates as available in 2020-02
As mentioned above, first try:
setenforce 0; # temporarily switch SELinux to permissive mode: can the files now be seen?
If the files appear, then it is a missing SELinux context. Enable SELinux again, then add the context to the folder:
setenforce 1; # enable SELinux again
# add missing context
chcon -Rt samba_share_t /srv/samba/share
What is SELinux context?
SELinux is the “mysterious beast” built by the NSA that lives inside almost EVERY Linux.
This sounds like a bad thing, but it is said to be done with “good intentions”: making the Linux system more secure while at the same time being 100% Open Source (GitHub repo: https://github.com/SELinuxProject/selinux). (No Trojans included… they come preinstalled with Windows (CORTANA STOP LISTENING ON US!) and in Cisco switches and routers.)
Also IN CONTRAST TO CORTANA: If one does not trust it – one can shut it down.
Based on Red Hat: processes and files are labeled with an SELinux context that contains additional information, such as:
- SELinux user
- SELinux role
- SELinux type
and, optionally:
- SELinux level
When running SELinux, all of this information is used to make access control decisions.
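As an added example (not from the original post), the shell functions below split a context into the fields listed above and report which paths under the share do not carry the samba_share_t type that the chcon command sets. The sample lines are constructed and use the output format of stat -c '%C %n'; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find files whose SELinux type differs from the one Samba needs.
# Input: one "<context> <path>" pair per line, as printed by
#   stat -c '%C %n' <files>
# A context is user:role:type[:level]. The level may itself contain colons
# (e.g. s0:c0.c1023), so only the first three colons separate fields.

EXPECTED_TYPE="samba_share_t"

# Print the type field of a single context string.
context_type() {
    # With IFS=: read puts everything after the third colon into _level.
    printf '%s\n' "$1" | {
        IFS=: read -r _user _role type _level
        printf '%s\n' "$type"
    }
}

# Read "<context> <path>" lines on stdin and print the paths whose type
# is not EXPECTED_TYPE. Paths may contain spaces.
mislabeled() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        [ "$(context_type "$ctx")" = "$EXPECTED_TYPE" ] || printf '%s\n' "$path"
    done
}

# Constructed sample, not captured from a real host.
SAMPLE='unconfined_u:object_r:samba_share_t:s0 /srv/samba/share
unconfined_u:object_r:var_t:s0 /srv/samba/share/report.odt
system_u:object_r:samba_share_t:s0:c0.c1023 /srv/samba/share/scans
unconfined_u:object_r:user_home_t:s0 /srv/samba/share/moved from home.txt'

printf '%s\n' "$SAMPLE" | mislabeled
```

On a real host, feed it with find /srv/samba/share -exec stat -c '%C %n' {} + | mislabeled. Labels set with chcon are lost on a filesystem relabel; semanage fcontext -a -t samba_share_t "/srv/samba/share(/.*)?" followed by restorecon -Rv /srv/samba/share records the rule in the policy so it persists.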
In Red Hat Enterprise Linux, SELinux provides a combination of:
and optionally:
As with any good password policy, every administrator should have:
- level1 (everyone may know)
- level2 (only inner circle may know (staff))
and
- level3 (only admin may know)
Security services work in a similar fashion:
Manpages:
How do security service clearance levels work?
By example: the US gov
“…can be issued by many US gov agencies, including the
- Department of Defense (DoD)
- Department of State (DOS)
- Department of Homeland Security (DHS)
- Department of Energy (DoE)
- Department of Justice (DoJ)
- National Security Agency (NSA)
- Central Intelligence Agency (CIA).
DoD issues more than 80% of all clearances.
There are three levels of DoD security clearances:[1]
- TOP SECRET (level3)
- Will be applied to information in which the unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security.
- SECRET (level2)
- Will be applied to information in which the unauthorized disclosure could reasonably be expected to cause serious damage to the national security.
- CONFIDENTIAL (level1)
- Will be applied to information in which the unauthorized disclosure could reasonably be expected to cause damage to the national security.
Additionally, the United States Department of Energy issues two levels of security clearances”
src: https://en.wikipedia.org/wiki/List_of_U.S._security_clearance_terms
… then comes WikiLeaks and declares everything public domain.
Of course they don’t like it.