Ū•xÜŖœ( ė) 1 VH gŸ h |p (í ™$tžI3~}Ŋü,ē/į.bFŠĻÁŨh‹F SŌ!P&"Nw"NÆ"G#]]#Oģ#k $Rw$qĘ$f<%VŖ%Vú%SQ&jĨ&B'TS'^¨'Á(tÉ(?>)Z~)YŲ)Ž3*XÂ,-,.?/ U0 _1 m2zy3šô3šŽ4†I5įĐ53¸6eė6_R7e˛7f88Āœ8¸]9Ã:ƒÚ:\^<bģ<\=+{=c§=7 ><C>:€>ģ>Ë>4Û>?,+?X??t?0´?1å?]@2u@K¨@2ô@]'Ac…AéA,ųA&Bd9BNžBíB_C]eCEÃC- D7D4PD!…D'§D$ĪD ôD_ERuEOČE9F:RFF‹ĢF7GBRGA•G^×Gs6H–ĒHĄAIųãJĨŨLuƒOšųOŧŗPŅpQBR%ÂT\čXŅEZ~[–]1§^ÁŲ_Ŗ›bŨ?e@j[^m ēo‰Įu›QzÆí}ô~}x€ö€w€œø€¤•Ä:‚¤˙‚¤ƒÂž„Á…ˆC†ƒĖ†ÛP‡š,ˆ†ĮˆÎN‰åŠÜŒāŒŅ`Đ2Ž ÷•L–fS˜iēšZ$bŸ\âĄ-?¤{mĨéĻ4¨$7Š€\ĢüŨĢųÚŦōÔ­úĮŽO¯°—-ąÅ˛ Ô´\Ūˇb;¸\ž¸+û¸z'šŸĸšSBēŦ–ēFCģPŠģbÛģ<>ŧu{ŧCņŧ•5Ŋ^ËŊ_*ž—Šžc"ŋ†ŋa$Ā$†ĀCĢÁīÂZ˙ÂZÃümÃíjÄ:XÅ“Å˛ÆÁģĮc}ČUáȊ7ÉcÂÉP&Ę}wĘbõĘÄX˧Ė¤ÅĖ˜j͙ÎbÎņĪqōĪ—dЖüĐΓŅ0bŌŽ“ĶVS_ZIN9:jx6.@gBY]F>JEvs4T5 KlfHhQ'cWk0i^ *[1oPUrMRpXe") t<=$; qC 73a(,A2m+&w\-8dbu!D#LO%nG`/? dac_override and dac_read_search capabilities usually indicates that the root process does not have access to a file based on the permission flags. This usually mean you have some file with the wrong ownership/permissions on it. SELinux denied access requested by $SOURCE. It is not expected that this access is required by $SOURCE and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Attempt restorecon -v '$TARGET_PATH' or chcon -t SIMILAR_TYPE '$TARGET_PATH' Changing the "$BOOLEAN" boolean to true will allow this access: "setsebool -P $BOOLEAN=1" Changing the "$BOOLEAN" boolean to true will allow this access: "setsebool -P $BOOLEAN=1." Changing the "allow_ftpd_use_nfs" boolean to true will allow this access: "setsebool -P allow_ftpd_use_nfs=1." Changing the file_context to mnt_t will allow mount to mount the file system: "chcon -t mnt_t '$TARGET_PATH'." You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t mnt_t '$FIX_TARGET_PATH'" If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux man page for further information: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t " You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t " If you want $SOURCE to continue, you must turn on the $BOOLEAN boolean. Note: This boolean will affect all applications on the system. If you want httpd to send mail you need to turn on the $BOOLEAN boolean: "setsebool -P $BOOLEAN=1" If you want to allow $SOURCE to bind to port $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem. setsebool -P allow_ypbind=1. If you want to allow $SOURCE to connect to $PORT_NUMBER, you can execute # sandbox -X -t sandbox_net_t $SOURCE If you want to allow $SOURCE to connect to $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If you want to change the file context of $TARGET_PATH so that the automounter can execute it you can execute "chcon -t bin_t $TARGET_PATH". If you want this to survive a relabel, you need to permanently change the file context: execute "semanage fcontext -a -t bin_t '$FIX_TARGET_PATH'". SELinux denied access requested by $SOURCE. It is not expected that this access is required by $SOURCE and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. SELinux denied access requested by the $SOURCE command. It looks like this is either a leaked descriptor or $SOURCE output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the $TARGET_PATH. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. SELinux denied access to $TARGET_PATH requested by $SOURCE. $TARGET_PATH has a context used for sharing by a different program. If you would like to share $TARGET_PATH from $SOURCE also, you need to change its file context to public_content_t. If you did not intend to allow this access, this could signal an intrusion attempt. SELinux denied cvs access to $TARGET_PATH. If this is a CVS repository it needs to have a file context label of cvs_data_t. If you did not intend to use $TARGET_PATH as a CVS repository it could indicate either a bug or it could signal an intrusion attempt. SELinux denied xen access to $TARGET_PATH. If this is a XEN image, it has to have a file context label of xen_image_t. The system is setup to label image files in directory /var/lib/xen/images correctly. We recommend that you copy your image file to /var/lib/xen/images. If you really want to have your xen image files in the current directory, you can relabel $TARGET_PATH to be xen_image_t using chcon. You also need to execute semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH' to add this new path to the system defaults. If you did not intend to use $TARGET_PATH as a xen image it could indicate either a bug or an intrusion attempt. SELinux has denied the $SOURCE access to potentially mislabeled files $TARGET_PATH. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, %s. Many third party apps install html files in directories that SELinux policy cannot predict. These directories have to be labeled with a file context which httpd can access. SELinux has denied the $SOURCE_PATH from executing potentially mislabeled files $TARGET_PATH. Automounter can be setup to execute configuration files. If $TARGET_PATH is an automount executable configuration file it needs to have a file label of bin_t. If automounter is trying to execute something that it is not supposed to, this could indicate an intrusion attempt. SELinux has prevented vbetool from performing an unsafe memory operation. SELinux has prevented wine from performing an unsafe memory operation. SELinux is preventing $SOURCE_PATH "$ACCESS" access on $TARGET_PATH. SELinux is preventing $SOURCE_PATH "$ACCESS" access to $TARGET_PATH. SELinux is preventing $SOURCE_PATH "$ACCESS" to $TARGET_PATH. SELinux is preventing $SOURCE_PATH access to a leaked $TARGET_PATH file descriptor. SELinux is preventing $SOURCE_PATH from binding to port $PORT_NUMBER. SELinux is preventing $SOURCE_PATH from changing the access protection of memory on the heap. SELinux is preventing $SOURCE_PATH from connecting to port $PORT_NUMBER. SELinux is preventing $SOURCE_PATH from creating a file with a context of $SOURCE_TYPE on a filesystem. SELinux is preventing $SOURCE_PATH from loading $TARGET_PATH which requires text relocation. SELinux is preventing $SOURCE_PATH from making the program stack executable. SELinux is preventing Samba ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux is preventing cvs ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH SELinux is preventing the $SOURCE_PATH from executing potentially mislabeled files $TARGET_PATH. SELinux is preventing the http daemon from sending mail. SELinux is preventing xen ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux policy is preventing an httpd script from writing to a public directory. SELinux policy is preventing an httpd script from writing to a public directory. If httpd is not setup to write to public directories, this could signal an intrusion attempt. SELinux prevented $SOURCE from mounting on the file or directory "$TARGET_PATH" (type "$TARGET_TYPE"). SELinux prevented httpd $ACCESS access to http files. SELinux prevented the ftp daemon from $ACCESS files stored on a CIFS filesystem. SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem. The $SOURCE application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If $SOURCE does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. Use a command like "cp -p" to preserve all permissions except SELinux context. You can alter the file context by executing chcon -R -t rsync_data_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t rsync_data_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -R -t samba_share_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t public_content_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t public_content_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t swapfile_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t swapfile_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t virt_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t xen_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH'" You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot" You can generate a local policy module to allow this access - see FAQ Please file a bug report. You can generate a local policy module to allow this access - see FAQ You can restore the default system context to this file by executing the restorecon command. restorecon '$SOURCE_PATH'. You can restore the default system context to this file by executing the restorecon command. restorecon '$TARGET_PATH', if this file is a directory, you can recursively restore using restorecon -R '$TARGET_PATH'. Your system may be seriously compromised! Your system may be seriously compromised! $SOURCE_PATH attempted to mmap low kernel memory. Your system may be seriously compromised! $SOURCE_PATH tried to load a kernel module. Your system may be seriously compromised! $SOURCE_PATH tried to modify SELinux enforcement. Your system may be seriously compromised! $SOURCE_PATH tried to modify kernel configuration. Disable IPV6 properly. Either remove the mozplluger package by executing 'yum remove mozplugger' Or turn off enforcement of SELinux over the Firefox plugins. setsebool -P unconfined_mozilla_plugin_transition 0 If you decide to continue to run the program in question you will need to allow this operation. This can be done on the command line by executing: # setsebool -P mmap_low_allowed 1 You tried to place a type on a %s that is not a file type. This is not allowed, you must assigne a file type. You can list all file types using the seinfo command. seinfo -afile_type -x Changing the "$BOOLEAN" and "$WRITE_BOOLEAN" booleans to true will allow this access: "setsebool -P $BOOLEAN=1 $WRITE_BOOLEAN=1". warning: setting the "$WRITE_BOOLEAN" boolean to true will allow the ftp daemon to write to all public content (files and directories with type public_content_t) in addition to writing to files and directories on CIFS filesystems. # semanage fcontext -a -t SIMILAR_TYPE '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH%s' # restorecon %s -v '$FIX_TARGET_PATH'# semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage port -a -t %s -p %s $PORT_NUMBER# semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s.A process might be attempting to hack into your system.Add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf Contact your security administrator and report this issue.Restore ContextRestore ContextSELinux is preventing $SOURCE_PATH "$ACCESS" access.Turn off memory protectionYou can read '%s' man page for more details.You might have been hacked.You must tell SELinux about this by enabling the '%s' boolean. You need to change the label on $FIX_TARGET_PATHYou need to change the label on $TARGET_BASE_PATHYou need to change the label on $TARGET_BASE_PATH to public_content_t or public_content_rw_t.You need to change the label on $TARGET_BASE_PATH'You need to change the label on $TARGET_PATH to a type of a similar device.You need to change the label on '$FIX_TARGET_PATH'You should report this as a bug. You can generate a local policy module to allow this access.You should report this as a bug. You can generate a local policy module to dontaudit this access.execstack -c %sif you think that you might have been hackedsetsebool -P %s %sturn on full auditing to get path information about the offending file and generate the error again.use a command like "cp -p" to preserve all permissions except SELinux context.you can run restorecon.you may be under attack by a hacker, since confined applications should never need this access.you may be under attack by a hacker, since confined applications should not need this access.you may be under attack by a hacker, this is a very dangerous access.you must change the labeling on $TARGET_PATH.you must fix the labels.you must move the cert file to the ~/.cert directoryyou must pick a valid file label.you must remove the mozplugger package.you must setup SELinux to allow thisyou must tell SELinux about thisyou must tell SELinux about this by enabling the 'httpd_unified' and 'http_enable_cgi' booleansyou must tell SELinux about this by enabling the vbetool_mmap_zero_ignore boolean.you must tell SELinux about this by enabling the wine_mmap_zero_ignore boolean.you must turn off SELinux controls on the Chrome plugins.you must turn off SELinux controls on the Firefox plugins.you need to add labels to it.you need to change the label on $TARGET_PATH to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean.you need to fully relabel.you need to report a bug. This is a potentially dangerous access.you need to report a bug. This is a potentially dangerous access.you need to set /proc/sys/net/ipv6/conf/all/disable_ipv6 to 1 and do not blacklist the module'you need to use a different command. You are not allowed to preserve the SELinux context on the target file system.you should clear the execstack flag and see if $SOURCE_PATH works correctly. Report this as a bug on %s. You can clear the exestack flag by executing:Project-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: PO-Revision-Date: 2017-08-31 08:31-0400 Last-Translator: Copied by Zanata Language-Team: Assamese (http://www.transifex.com/projects/p/fedora/language/as/) Language: as MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); X-Generator: Zanata 4.6.2 dac_override āĻ†ā§°ā§ dac_read_search āĻ•ā§āĻˇāĻŽāĻ¤āĻžāĻ¸āĻŽā§‚āĻšā§‡ āĻ¸āĻžāĻ§āĻžā§°āĻŖāĻ¤ āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻĻāĻŋā§Ÿā§‡ āĻ¯ā§‡ ā§°ā§āĻŸ āĻĒā§ā§°āĻ•ā§ā§°āĻŋā§ŸāĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĢā§āĻ˛ā§‡āĻ—āĻ¸āĻŽā§‚āĻšā§° āĻ‰āĻĒā§°āĻ¤ āĻ¨āĻŋā§°ā§āĻ­ā§° āĻ•ā§°āĻŋ āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛āĻ˛ā§‡ āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¨āĻžāĻ‡āĨ¤ āĻ‡ āĻ¸āĻžāĻ§āĻžā§°āĻŖāĻ¤ āĻŦā§āĻœāĻžā§Ÿ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻ­ā§‚āĻ˛ āĻ…āĻ§āĻŋāĻ•āĻžā§°āĻ¤ā§āĻŦ/āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĨāĻ•āĻž āĻ•āĻŋāĻ›ā§āĻŽāĻžāĻ¨ āĻĢāĻžāĻ‡āĻ˛ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $SOURCE āĻĻā§āĻŦāĻžā§°āĻž āĻ…āĻ¨ā§ā§°ā§‹āĻ§ āĻ•ā§°āĻž āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽ $SOURCE āĻĻā§āĻŦāĻžā§°āĻž āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ āĻšāĻŦ āĻŦā§āĻ˛āĻŋ āĻ†āĻļāĻž āĻ•ā§°āĻž āĻšā§‹ā§ąāĻž āĻ¨āĻžāĻ‡ āĻ†ā§°ā§ āĻāĻ‡ āĻ¸āĻ‚āĻ•ā§‡āĻ¤ā§‡ āĻāĻŸāĻž āĻ…āĻ¨āĻžāĻ§āĻŋāĻ•āĻžā§° āĻĒā§ā§°ā§ąā§‡āĻļā§° āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻĻāĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ āĻ¸āĻŽā§āĻ­āĻŦ āĻšāĻŦ āĻĒāĻžā§°ā§‡ āĻ¯ā§‡ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨ā§° āĻŦāĻŋāĻļā§‡āĻˇ āĻ¸āĻ‚āĻ¸ā§āĻ•ā§°āĻŖ āĻ…āĻĨāĻŦāĻž āĻ¸āĻ‚ā§°ā§‚āĻĒā§‡ āĻ‡ā§ŸāĻžā§° āĻ…āĻ¤āĻŋā§°āĻŋāĻ•ā§āĻ¤ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ā§€ā§ŸāĻ¤āĻž āĻĻā§‡āĻ–āĻžāĻ‡ āĻ†āĻ›ā§‡āĨ¤ restorecon -v '$TARGET_PATH' āĻ…āĻĨāĻŦāĻž chcon -t SIMILAR_TYPE '$TARGET_PATH' āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻ• "$BOOLEAN" āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨āĻ• true āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻ˛ā§‡ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĒā§‹ā§ąāĻž āĻ¯āĻžāĻŦ: "setsebool -P $BOOLEAN=1" "$BOOLEAN" āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨āĻ• true āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻ˛ā§‡ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĒā§‹ā§ąāĻž āĻ¯āĻžāĻŦ: "setsebool -P $BOOLEAN=1āĨ¤" "$allow_ftpd_use_nfs" āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨āĻ• true āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻ˛ā§‡ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĒā§‹ā§ąāĻž āĻ¯āĻžāĻŦ: "setsebool -P allow_ftpd_use_nfs=1āĨ¤" file_context āĻ• mnt_t āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻ˛ā§‡ āĻĢāĻžāĻ‡āĻ˛ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻŽāĻžāĻ‰āĻ¨ā§āĻŸ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻŽāĻžāĻ‰āĻ¨ā§āĻŸā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦ: "chcon -t mnt_t '$TARGET_PATH'āĨ¤" āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻžāĻ¤ā§‡ āĻ¸āĻŋāĻšāĻ¤āĻ• āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇā§°āĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĨ¤ "semanage fcontext -a -t mnt_t '$FIX_TARGET_PATH'" āĻ¯āĻĻāĻŋ httpd āĻ¸ā§āĻ•ā§ā§°āĻŋāĻĒā§āĻŸāĻ¸āĻŽā§‚āĻšāĻ• ā§°āĻžāĻœāĻšā§ā§ąāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ¸āĻŽā§‚āĻšāĻ˛ā§‡ āĻ˛āĻŋāĻ–āĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦ āĻ˛āĻžāĻ—ā§‡ āĻ†āĻĒā§āĻ¨āĻŋ $BOOLEAN āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨ āĻ…āĻ¨ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ†ā§°ā§ ā§°āĻžāĻœāĻšā§ā§ąāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋā§° āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤āĻ• public_content_rw_t āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ…āĻ§āĻŋāĻ• āĻ¤āĻĨā§āĻ¯ā§° āĻŦāĻžāĻŦā§‡ httpd_selinux man āĻĒā§ƒāĻˇā§āĻ āĻž āĻĒā§āĻ•: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t " āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ ā§°āĻžāĻœāĻšā§ā§ąāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻ†āĻĒā§āĻ¨āĻŋ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻĨāĻ•āĻž āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ "semanage fcontext -a -t public_content_rw_t " āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $SOURCE āĻ• āĻšāĻ˛āĻžāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ $BOOLEAN āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨ āĻ…āĻ¨ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻŽāĻ¨ āĻ•ā§°āĻŋāĻŦ: āĻāĻ‡ āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§° āĻ¸āĻ•āĻ˛ā§‹ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨ā§° āĻ‰āĻĒā§°āĻ¤ āĻĒā§ā§°āĻ­āĻžā§ą āĻĒā§‡āĻ˛āĻžāĻŦāĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ httpd āĻŽā§‡āĻ‡āĻ˛ āĻĒā§ā§°ā§‡ā§°āĻŖ āĻ•ā§°āĻžāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡ āĻ†āĻĒā§āĻ¨āĻŋ $BOOLEAN boolean: "setsebool -P $BOOLEAN=1" āĻ…āĻ¨ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $SOURCE āĻ• āĻĒā§‹ā§°ā§āĻŸ $PORT_NUMBER āĻ˛ā§‡ āĻ¸āĻ‚āĻ¯ā§‹āĻ— āĻ•ā§°āĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻ¯āĻ¤ PORT_TYPE āĻšāĻ˛ āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻ–āĻŋāĻ¤ā§° āĻāĻŸāĻž: %s. āĻ¯āĻĻāĻŋ āĻāĻ‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻāĻŸāĻž NIS āĻ•ā§āĻ˛āĻžāĻāĻ¨ā§āĻŸ āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻšāĻ˛āĻŋ āĻ†āĻ›ā§‡, allow_ypbind āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨āĻ• āĻ…āĻ¨ āĻ•ā§°āĻŋāĻ˛ā§‡ āĻ¸āĻŽāĻ¸ā§āĻ¯āĻž āĻ āĻŋāĻ• āĻšāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ setsebool -P allow_ypbind=1āĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $SOURCE āĻ• $PORT_NUMBER ā§° āĻ¸ā§ˆāĻ¤ā§‡ āĻ¸āĻ‚āĻ¯ā§‹āĻ— āĻ•ā§°āĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ # sandbox -X -t sandbox_net_t $SOURCE āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $SOURCE āĻ• $PORT_NUMBER āĻ˛ā§‡ āĻ¸āĻ‚āĻ¯ā§‹āĻ— āĻ•ā§°āĻžāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ āĻĒā§ā§°ā§‡ā§°āĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡ # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER āĻ¯āĻ¤ PORT_TYPE āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻ–āĻŋāĻ¤ā§° āĻāĻŸāĻž: %s. āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $TARGET_PATH ā§° āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡ āĻ¯āĻžāĻ¤ā§‡ āĻ¸ā§āĻŦāĻŽāĻžāĻ‰āĻ¨ā§āĻŸāĻžā§°ā§‡ āĻ‡ā§ŸāĻžāĻ• āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡ āĻ†āĻĒā§āĻ¨āĻŋ "chcon -t bin_t $TARGET_PATH" āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦāĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ āĻ‡ā§ŸāĻžāĻ• āĻāĻŸāĻž āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻĒā§°āĻž āĻŦāĻšāĻžāĻŦ āĻŦāĻŋāĻšāĻžā§°āĻŋāĻ›ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ āĻ¸ā§āĻĨāĻžā§Ÿā§€āĻ­āĻžā§ąā§‡ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤: execute "semanage fcontext -a -t bin_t '$FIX_TARGET_PATH'" āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ SELinux āĻ $SOURCE āĻĻā§āĻŦāĻžā§°āĻž āĻ…āĻ¨ā§ā§°ā§‹āĻ§ āĻ•ā§°āĻž āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽ $SOURCE āĻĻā§āĻŦāĻžā§°āĻž āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ āĻšāĻŦ āĻŦā§āĻ˛āĻŋ āĻ†āĻļāĻž āĻ•ā§°āĻž āĻšā§‹ā§ąāĻž āĻ¨āĻžāĻ‡ āĻ†ā§°ā§ āĻāĻ‡ āĻ¸āĻ‚āĻ•ā§‡āĻ¤ā§‡ āĻāĻŸāĻž āĻ…āĻ¨āĻžāĻ§āĻŋāĻ•āĻžā§° āĻĒā§ā§°ā§ąā§‡āĻļā§° āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻĻāĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ āĻ¸āĻŽā§āĻ­āĻŦ āĻšāĻŦ āĻĒāĻžā§°ā§‡ āĻ¯ā§‡ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨ā§° āĻŦāĻŋāĻļā§‡āĻˇ āĻ¸āĻ‚āĻ¸ā§āĻ•ā§°āĻŖ āĻ…āĻĨāĻŦāĻž āĻ¸āĻ‚ā§°ā§‚āĻĒā§‡ āĻ‡ā§ŸāĻžā§° āĻ…āĻ¤āĻŋā§°āĻŋāĻ•ā§āĻ¤ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ā§€ā§ŸāĻ¤āĻž āĻĻā§‡āĻ–āĻžāĻ‡ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $SOURCE āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻĻā§āĻŦāĻžā§°āĻž āĻ…āĻ¨ā§ā§°ā§‹āĻ§ āĻ•ā§°āĻž āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ āĻāĻ¨ā§‡ āĻ˛āĻžāĻ—āĻŋāĻ›ā§‡ āĻ¯ā§‡āĻ¨ āĻ‡ āĻšā§Ÿ āĻāĻŸāĻž āĻ‰ā§°ā§āĻ– āĻŦāĻŋā§ąā§°āĻ• āĻ…āĻĨāĻŦāĻž $SOURCE āĻ†āĻ‰āĻŸāĻĒā§āĻŸāĻ• āĻāĻ¨ā§‡ āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛āĻ˛ā§‡ āĻĒā§āĻ¨ā§°āĻ¨āĻŋā§°ā§āĻĻā§‡āĻļ āĻ•ā§°āĻž āĻšā§ˆāĻ›ā§‡ āĻ¯āĻ˛ā§ˆ āĻ¤āĻžā§° āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ¨āĻžāĻ‡āĨ¤ āĻ‰ā§°ā§āĻ–āĻ¸āĻŽā§‚āĻš āĻ¸āĻžāĻ§āĻžā§°āĻŖāĻ¤ āĻ‰āĻĒā§‡āĻ•ā§āĻˇāĻž āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋ āĻ¯āĻŋāĻšā§‡āĻ¤ā§ SELinux āĻ āĻ‰ā§°ā§āĻ– āĻŦāĻ¨ā§āĻ§ āĻ•ā§°āĻŋ āĻ¤ā§ā§°ā§āĻŸāĻŋā§° āĻ¸āĻ‚āĻŦāĻžāĻĻ āĻĻāĻŋ āĻ†āĻ›ā§‡āĨ¤ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨ā§‡ āĻŦāĻŋā§ąā§°āĻ• āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ¨āĻ•ā§°ā§‡, āĻ¸ā§‡ā§Ÿā§‡āĻšā§‡ āĻ‡ āĻ¸āĻ āĻŋāĻ•āĻ­āĻžā§ąā§‡ āĻšāĻ˛āĻŋāĻŦāĨ¤ āĻ¯āĻĻāĻŋ āĻ‡ āĻāĻŸāĻž āĻĒā§āĻ¨ā§°āĻ¨āĻŋā§°ā§āĻĻā§‡āĻļ āĻšā§Ÿ, āĻ†āĻĒā§āĻ¨āĻŋ $TARGET_PATH āĻ¤ āĻ†āĻ‰āĻŸāĻĒā§āĻŸ āĻ¨āĻžāĻĒāĻžāĻŦāĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ selinux-policy āĻ¤ āĻāĻŸāĻž bugzilla āĻ¸ā§ƒāĻœāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ, āĻ†ā§°ā§ āĻ‡ āĻ¸āĻ āĻŋāĻ• āĻĒā§‡āĻ•ā§‡āĻ‡āĻœ āĻ˛ā§ˆāĻ•ā§‡ āĻĻāĻŋāĻļ āĻĒāĻžāĻŦāĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ avc āĻ• āĻ¸ā§ā§°āĻ•ā§āĻˇāĻŋāĻ¤āĻ­āĻžā§ąā§‡ āĻ‰āĻĒā§‡āĻ•ā§āĻˇāĻž āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦāĨ¤ SELinux āĻ $SOURCE āĻĻā§āĻŦāĻžā§°āĻž āĻ…āĻ¨ā§ā§°ā§‹āĻ§ āĻ•ā§°āĻž $TARGET_PATH āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ $TARGET_PATH ā§° āĻāĻŸāĻž āĻĒā§ƒāĻĨāĻ• āĻĒā§ā§°āĻ—ā§ā§°āĻžāĻŽ āĻĻā§āĻŦāĻžā§°āĻž āĻ…āĻ‚āĻļā§€āĻĻāĻžā§°ā§€ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻŦā§āĻ¯ā§ąāĻšā§ƒāĻ¤ āĻāĻŸāĻž āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ†āĻ›ā§‡āĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $SOURCE ā§° āĻĒā§°āĻž $TARGET_PATH āĻ…āĻ‚āĻļā§€āĻĻāĻžā§°ā§€ āĻ•ā§°āĻŋāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ āĻ‡ā§ŸāĻžā§° āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ public_content_t āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦ āĻ¨āĻŋāĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ‡ āĻāĻŸāĻž āĻ…āĻ¨āĻžāĻ§āĻŋāĻ•āĻžā§° āĻĒā§ā§°ā§ąā§‡āĻļā§° āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻĻāĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ˛ā§‡ cvs āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ āĻ¯āĻĻāĻŋ āĻ‡ āĻāĻŸāĻž CVS āĻ­āĻā§°āĻžāĻ˛ āĻšā§Ÿ āĻ‡ā§ŸāĻžā§° āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛ cvs_data_t āĻĨāĻžāĻ•āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $TARGET_PATH āĻ• āĻāĻŸāĻž CVS āĻ­āĻā§°āĻžāĻ˛ āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻŋāĻŦ āĻ¨āĻŋāĻŦāĻŋāĻšāĻžā§°ā§‡ āĻ‡ āĻāĻŸāĻž āĻŦāĻžāĻ— āĻšāĻŦ āĻĒāĻžā§°ā§‡ āĻ…āĻĨāĻŦāĻž āĻ‡ āĻāĻŸāĻž āĻ…āĻ¨āĻžāĻ§āĻŋāĻ•āĻžā§° āĻĒā§ā§°ā§ąā§‡āĻļā§° āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻšāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ˛ā§‡ xen āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ āĻ¯āĻĻāĻŋ āĻ‡ āĻāĻŸāĻž XEN āĻ›āĻŦāĻŋ āĻšā§Ÿ, āĻ‡ā§ŸāĻžā§° āĻāĻŸāĻž xen_image_t āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻĨāĻžāĻ•āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋ /var/lib/xen/images āĻ¤ āĻ›āĻŦāĻŋ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ āĻŋāĻ•āĻ­āĻžā§ąā§‡ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻ¸āĻ‚āĻ¸ā§āĻĨāĻžāĻĒāĻŋāĻ¤āĨ¤ āĻ†āĻŽāĻŋ āĻ‰āĻĒāĻĻā§‡āĻļ āĻĻāĻŋāĻ“ āĻ¯ā§‡ āĻ†āĻĒā§āĻ¨āĻŋ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻ›āĻŦāĻŋ āĻĢāĻžāĻ‡āĻ˛āĻ• /var/lib/xen/images āĻ›āĻŦāĻŋāĻ¤ āĻ•āĻĒāĻŋ āĻ•ā§°āĻ•āĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ āĻ¸āĻāĻšāĻžāĻ•ā§ˆ āĻ†āĻĒā§‹āĻ¨āĻžā§° xen āĻ›āĻŦāĻŋ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻšāĻ• āĻŦā§°ā§āĻ¤āĻŽāĻžāĻ¨ āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ¤ āĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ chcon āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻŋ $TARGET_PATH āĻ• xen_image_t āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻĒā§āĻ¨ā§° āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦāĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻāĻ‡ āĻ¨āĻ¤ā§āĻ¨ āĻĒāĻĨāĻ• āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻ¯ā§‹āĻ— āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ $TARGET_PATH āĻ• āĻāĻŸāĻž xen āĻ›āĻŦāĻŋ āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻŋāĻŽ āĻŦā§āĻ˛āĻŋ āĻ­āĻŦāĻž āĻ¨āĻžāĻ‡ āĻ‡ āĻāĻŸāĻž āĻŦāĻžāĻ— āĻ…āĻĨāĻŦāĻž āĻāĻŸāĻž āĻ…āĻ¨āĻžāĻ§āĻŋāĻ•āĻžā§° āĻĒā§ā§°ā§ąā§‡āĻļā§° āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻĻāĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ SELinux āĻ āĻŦāĻŋāĻ­ā§ąā§€ā§ŸāĻ­āĻžā§ąā§‡ āĻ­ā§āĻ˛ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ•ā§°āĻž āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš $TARGET_PATH āĻ˛ā§‡ $SOURCE āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ›ā§‡āĨ¤ āĻ‡ āĻŦā§āĻœāĻžā§Ÿ āĻ¯ā§‡ SELinux āĻ httpd āĻ• āĻāĻ‡ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ¨āĻŋāĻĻāĻŋāĻŦāĨ¤ āĻ¯āĻĻāĻŋ httpd āĻ• āĻāĻ‡ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻšāĻ˛ā§‡ āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĻāĻŋāĻŦ āĻ˛āĻžāĻ—ā§‡ āĻ†āĻĒā§āĻ¨āĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤āĻ• āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻ–āĻŋāĻ¤ āĻ§ā§°āĻŖāĻ¸āĻŽā§‚āĻšā§° āĻāĻŸāĻžāĻ˛ā§‡, %s āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻŦāĻšā§āĻ¤ā§‹ āĻ¤ā§ƒāĻ¤āĻŋā§Ÿ āĻĻāĻ˛ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨āĻ¸āĻŽā§‚āĻšā§‡ āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ¸āĻŽā§‚āĻšāĻ¤ html āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ‡āĻ¨āĻ¸ā§āĻŸāĻ˛ āĻ•ā§°ā§‡ āĻ¯āĻžāĻ• SELinux āĻ¨āĻŋāĻ¤āĻŋā§Ÿā§‡ āĻ†āĻ—āĻ¤āĻŋā§ŸāĻžāĻ•ā§ˆ āĻ•āĻŦ āĻ¨ā§‹ā§ąāĻžā§°ā§‡āĨ¤ āĻāĻ‡ āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ¸āĻŽā§‚āĻšāĻ• āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ¤āĻŋāĻ¤ā§° āĻ¸āĻšāĻžā§ŸāĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻžāĻ• httpd āĻ āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ SELinux āĻ $SOURCE_PATH āĻ• āĻŦāĻŋāĻ­ā§ąā§€ā§ŸāĻ­āĻžā§ąā§‡ āĻ­ā§āĻ˛ āĻ§ā§°āĻŖā§‡ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ•ā§°āĻž āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš $TARGET_PATH āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻž āĻ¨āĻžāĻ•āĻš āĻ•ā§°āĻŋāĻ›ā§‡āĨ¤ āĻ¸ā§āĻŦāĻŽāĻžāĻ‰āĻ¨ā§āĻŸāĻžā§°āĻ• āĻ¸āĻ‚ā§°ā§‚āĻĒ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻ¸āĻ‚āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĨ¤ āĻ¯āĻĻāĻŋ $TARGET_PATH āĻāĻŸāĻž āĻ¸ā§āĻŦāĻŽāĻžāĻ‰āĻ¨ā§āĻŸ āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸā§‡āĻŦā§āĻ˛ āĻ¸āĻ‚ā§°ā§‚āĻĒ āĻĢāĻžāĻ‡āĻ˛ āĻ‡ā§ŸāĻžā§° bin_t āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻĨāĻžāĻ•āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ¯āĻĻāĻŋ āĻ¸ā§āĻŦāĻŽāĻžāĻ‰āĻ¨ā§āĻŸāĻžā§°ā§‡ āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĻŦ āĻ¨āĻ˛āĻ—āĻž āĻ•āĻŋāĻŦāĻžāĻ• āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻžā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡, āĻ‡ āĻāĻŸāĻž āĻ…āĻ¨āĻžāĻ§āĻŋāĻ•āĻžā§° āĻĒā§ā§°ā§ąā§‡āĻļā§° āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻĻāĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ SELinux āĻ vbetool āĻ• āĻāĻŸāĻž āĻ…āĻ¸ā§ā§°āĻ•ā§āĻˇāĻŋāĻ¤ āĻŽā§‡āĻŽā§°āĻŋ āĻ•āĻžā§°ā§āĻ¯ā§āĻ¯ āĻĒā§°āĻŋā§ąā§‡āĻļāĻ¨ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋāĻ›ā§‡āĨ¤ SELinux āĻ wine āĻ• āĻāĻŸāĻž āĻ…āĻ¸ā§ā§°āĻ•ā§āĻˇāĻŋāĻ¤ āĻŽā§‡āĻŽā§°āĻŋ āĻ•āĻžā§°ā§āĻ¯ā§āĻ¯ āĻĒā§°āĻŋā§ąā§‡āĻļāĻ¨ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋāĻ›ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ¤ $SOURCE_PATH "$ACCESS" āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ˛ā§‡ $SOURCE_PATH "$ACCESS" āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ˛ā§‡ $SOURCE_PATH "$ACCESS" āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ āĻāĻŸāĻž $TARGET_PATH āĻĢāĻžāĻ‡āĻ˛ āĻŦāĻŋā§ąā§°āĻ•āĻ˛ā§‡ $SOURCE_PATH āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $SOURCE_PATH āĻ• āĻĒā§‹ā§°ā§āĻŸ $PORT_NUMBER āĻ˛āĻ—āĻ¤ āĻ¸āĻ‚āĻ¯ā§‹āĻ— āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $SOURCE_PATH āĻ• āĻšāĻŋāĻĒāĻ¤ āĻŽā§‡āĻŽā§°āĻŋā§° āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¸ā§ā§°āĻ•ā§āĻˇāĻž āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $SOURCE_PATH āĻ• āĻĒā§‹ā§°ā§āĻŸ $PORT_NUMBER āĻ˛āĻ—āĻ¤ āĻ¸āĻ‚āĻ¯ā§‹āĻ— āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $SOURCE_PATH āĻ• āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ $SOURCE_TYPE ā§° āĻāĻŸāĻž āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ā§° āĻ¸ā§ˆāĻ¤ā§‡ āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛ āĻ¸ā§ƒāĻˇā§āĻŸāĻŋ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $SOURCE_PATH āĻ• $TARGET_PATH āĻ˛'āĻĄ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡ āĻ¯āĻžā§° āĻĒāĻžāĻ  āĻ†āĻŦāĻ¨ā§āĻŸāĻ¨ā§° āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨āĨ¤ SELinux āĻ $SOURCE_PATH āĻ• āĻĒā§ā§°āĻ—ā§ā§°āĻžāĻŽ āĻ¸ā§āĻŸā§‡āĻ•āĻ• āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸā§‡āĻŦā§āĻ˛ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ˛ā§‡ Samba ($SOURCE_PATH) "$ACCESS" āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ˛ā§‡ cvs ($SOURCE_PATH) "$ACCESS" āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡ SELinux āĻ $SOURCE_PATH āĻ• āĻŦāĻŋāĻ­ā§ąā§€ā§ŸāĻ­āĻžā§ąā§‡ āĻ­ā§āĻ˛āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻĢāĻžāĻ‡āĻ˛ $TARGET_PATH āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ http āĻĄāĻŋāĻŽāĻ¨āĻ• āĻŽā§‡āĻ‡āĻ˛ āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ $TARGET_PATH āĻ˛ā§‡ xen ($SOURCE_PATH) "$ACCESS" āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ¨ā§€āĻ¤āĻŋā§Ÿā§‡ āĻāĻŸāĻž httpd āĻ˛āĻŋāĻĒāĻŋāĻ• āĻāĻŸāĻž ā§°āĻžāĻœāĻšā§ā§ąāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ˛ā§‡ āĻ˛āĻŋāĻ–āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ SELinux āĻ¨ā§€āĻ¤āĻŋā§Ÿā§‡ āĻāĻŸāĻž httpd āĻ˛āĻŋāĻĒāĻŋāĻ• āĻāĻŸāĻž ā§°āĻžāĻœāĻšā§ā§ąāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ˛ā§‡ āĻ˛āĻŋāĻ–āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤ āĻ¯āĻĻāĻŋ httpd āĻ• ā§°āĻžāĻœāĻšā§ā§ąāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ˛ā§‡ āĻ˛āĻŋāĻ–āĻžā§° āĻŦāĻžāĻŦā§‡ āĻ¸āĻ‚āĻšāĻ¤ āĻ•ā§°āĻž āĻšā§‹ā§ąāĻž āĻ¨āĻžāĻ‡, āĻ‡ āĻāĻŸāĻž āĻ…āĻ¨āĻžāĻ§āĻŋāĻ•āĻžā§° āĻĒā§ā§°ā§ąā§‡āĻļā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ‡āĻ‚āĻ—āĻŋāĻ¤ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤ SELinux āĻ $SOURCE āĻ• āĻĢāĻžāĻ‡āĻ˛ āĻ…āĻĨāĻŦāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ¤ āĻŽāĻžāĻ‰āĻ¨ā§āĻŸ āĻ•ā§°āĻžā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋāĻ›āĻŋāĻ˛ "$TARGET_PATH" (type "$TARGET_TYPE")āĨ¤ SELinux http āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻšāĻ˛ā§‡ httpd $ACCESS āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ SELinux āĻ ftp āĻĄāĻŋāĻŽāĻ¨āĻ• āĻāĻŸāĻž CIFS āĻĢāĻžāĻ‡āĻ˛āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš $ACCESS ā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ SELinux āĻ ftp āĻĄāĻŋāĻŽāĻ¨āĻ• āĻāĻŸāĻž NFS āĻĢāĻžāĻ‡āĻ˛āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš $ACCESS ā§° āĻĒā§°āĻž āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋāĻ˛ā§‡āĨ¤ $SOURCE āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨ā§‡ āĻšāĻŋāĻĒāĻ¤ āĻŽā§‡āĻŽā§°āĻŋā§° āĻ…āĻ­āĻŋāĻ—āĻŽ āĻ¸ā§ā§°āĻ•ā§āĻˇāĻž āĻĒā§°āĻŋā§ąā§°ā§āĻ¤āĻ¨ āĻ•ā§°āĻžā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋāĻ›ā§‡ (āĻ‰āĻĻāĻžāĻšā§°āĻŖāĻ¸ā§āĻŦā§°ā§‚āĻĒ, malloc āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻŋ āĻ†āĻŦāĻ¨ā§āĻŸāĻŋāĻ¤)āĨ¤ āĻ‡ āĻāĻŸāĻž āĻŦāĻŋāĻ­ā§ąā§€ā§Ÿ āĻ¸ā§ā§°āĻ•ā§āĻˇāĻž āĻ¸āĻŽāĻ¸ā§āĻ¯āĻžāĨ¤ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨āĻ¸āĻŽā§‚āĻšā§‡ āĻāĻ¨ā§‡ āĻ•ā§°āĻŋāĻŦ āĻ¨āĻžāĻ˛āĻžāĻ—ā§‡āĨ¤ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨āĻ¸āĻŽā§‚āĻš āĻ•ā§‡āĻ¤āĻŋā§ŸāĻžāĻŦāĻž āĻ­ā§‚āĻ˛āĻ­āĻžā§ąā§‡ āĻ•'āĻĄ āĻ•ā§°āĻž āĻĨāĻžāĻ•ā§‡ āĻ†ā§°ā§ āĻāĻ‡ āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ…āĻ¨ā§ā§°ā§‹āĻ§ āĻ•ā§°ā§‡āĨ¤ SELinux āĻŽā§‡āĻŽā§°āĻŋ āĻ¸ā§ā§°āĻ•ā§āĻˇāĻž āĻĒā§°āĻŋāĻ•ā§āĻˇāĻžāĻ¸āĻŽā§‚āĻš ā§ąā§‡āĻŦ āĻĒā§ƒāĻˇā§āĻ āĻžā§Ÿ āĻ•ā§‡āĻ¨ā§‡āĻĻā§°ā§‡ āĻāĻ‡ āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ā§€ā§ŸāĻ¤āĻž āĻ†āĻ¤ā§°ā§‹ā§ąāĻž āĻšāĻŦ āĻ¤āĻžā§° āĻŦāĻŋā§ąā§°āĻŖ āĻĻāĻŋā§Ÿā§‡āĨ¤ āĻ¯āĻĻāĻŋ $SOURCE āĻ•āĻžā§°ā§āĻ¯ā§āĻ¯ āĻ¨āĻ•ā§°ā§‡ āĻ†ā§°ā§ āĻ†āĻĒā§āĻ¨āĻŋ āĻ‡ā§ŸāĻžāĻ• āĻ•āĻžā§°ā§āĻ¯ā§āĻ¯āĻ¤ āĻ•ā§°āĻŋāĻŦ āĻŦāĻŋāĻšāĻžā§°ā§‡, āĻ†āĻĒā§āĻ¨āĻŋ SELinux āĻ• āĻ…āĻ¸ā§āĻĨāĻžā§Ÿā§€āĻ­āĻžā§ąā§‡ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦāĻ˛ā§‡ āĻ¸āĻ‚ā§°ā§‚āĻĒāĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡ āĻ¯ā§‡āĻ¤āĻŋā§ŸāĻžāĻ˛ā§ˆāĻ•ā§‡ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨ āĻ āĻŋāĻ• āĻšā§ˆ āĻ¨āĻžāĻ¯āĻžā§ŸāĨ¤ āĻ…āĻ¨ā§āĻ—ā§ā§°āĻš āĻ•ā§°āĻŋ āĻāĻ‡ āĻĒā§‡āĻ•ā§‡āĻ‡āĻœā§° āĻŦāĻŋāĻĒā§°āĻŋāĻ¤ā§‡ āĻāĻŸāĻž āĻŦāĻžāĻ— āĻ¸āĻ‚āĻŦāĻžāĻĻ āĻœāĻŽāĻž āĻĻāĻŋā§ŸāĻ•āĨ¤ SELinux āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ā§° āĻŦāĻžāĻšāĻŋā§°ā§‡ āĻ¸āĻ•āĻ˛ā§‹ āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ "cp -p" ā§° āĻ¨āĻŋāĻšāĻŋāĻ¨āĻž āĻāĻŸāĻž āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻ•āĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ chcon -R -t rsync_data_t '$TARGET_PATH' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¸āĻŋāĻšāĻ¤āĻ• āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡āĨ¤ "semanage fcontext -a -t rsync_data_t '$FIX_TARGET_PATH'" āĻ†āĻĒā§āĻ¨āĻŋ chcon -R -t samba_share_t '$TARGET_PATH' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻžāĻ¤ā§‡ āĻ¸āĻŋāĻšāĻ¤āĻ• āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇā§°āĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĨ¤ "semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH'" āĻ†āĻĒā§āĻ¨āĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤āĻ• chcon -t public_content_t '$TARGET_PATH' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§° āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻžāĻ¤ā§‡ āĻ¸āĻŋāĻšāĻ¤āĻ• āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĨ¤ "semanage fcontext -a -t public_content_t '$FIX_TARGET_PATH'" āĻ†āĻĒā§āĻ¨āĻŋ chcon -t swapfile_t '$TARGET_PATH' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻžāĻ¤ā§‡ āĻ¸āĻŋāĻšāĻ¤āĻ• āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĨ¤ "semanage fcontext -a -t swapfile_t '$FIX_TARGET_PATH'" āĻ†āĻĒā§āĻ¨āĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤āĻ• chcon -t virt_image_t '$TARGET_PATH' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻžāĻ¤ā§‡ āĻ¸āĻŋāĻšāĻ¤āĻ• āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§° āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĨ¤ "semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH'" āĻ†āĻĒā§āĻ¨āĻŋ chcon -t xen_image_t '$TARGET_PATH' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛āĻ—āĻ¤ā§‡ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽā§° āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ¯āĻžāĻ¤ā§‡ āĻ¸āĻŋāĻšāĻ¤āĻ• āĻāĻŸāĻž āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻĒā§āĻ¨ā§°āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĨ¤ "semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH'" āĻ†āĻĒā§āĻ¨āĻŋ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻ•āĻŽāĻĒāĻŋāĻ‰āĻŸāĻžā§° āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻĒā§āĻ¨ā§° āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻ–āĻŋāĻ¤ āĻ•āĻŽāĻžāĻ¨ā§āĻĄāĻ• ā§°ā§āĻŸ āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻĒā§ā§°ā§‡ā§°āĻŖ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡: "touch /.autorelabel; reboot" āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦāĻ˛ā§‡ āĻāĻŸāĻž āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āĻ¨ā§€āĻ¤āĻŋ āĻŽāĻĄāĻŋāĻ‰āĻ˛ āĻ¸ā§ƒāĻœāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡ - FAQ āĻšāĻžāĻ“āĻ• āĻ…āĻ¨ā§āĻ—ā§ā§°āĻš āĻ•ā§°āĻŋ āĻāĻŸāĻž āĻŦāĻžāĻ— āĻ¸āĻ‚āĻŦāĻžāĻĻ āĻœāĻŽāĻž āĻĻāĻŋā§ŸāĻ•āĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦāĻ˛ā§‡ āĻāĻŸāĻž āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āĻ¨ā§€āĻ¤āĻŋ āĻŽāĻĄāĻŋāĻ‰āĻ˛ āĻ¸ā§ƒāĻœāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡ - FAQ āĻšāĻžāĻ“āĻ• āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻ‡ āĻĢāĻžāĻ‡āĻ˛āĻ˛ā§ˆ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĒā§āĻ¨ā§°ā§āĻĻā§āĻ§āĻžā§° āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ restorecon āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋāĨ¤ restorecon '$SOURCE_PATH'. āĻ†āĻĒā§āĻ¨āĻŋ restorecon āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻ…āĻŦāĻŋāĻ•āĻ˛ā§āĻĒāĻŋāĻ¤ āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤āĻ• āĻāĻ‡ āĻĢāĻžāĻ‡āĻ˛āĻ˛ā§‡ āĻĒā§āĻ¨ā§°āĻ‰āĻĻā§āĻ§āĻžā§° āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦāĨ¤ restorecon '$TARGET_PATH', āĻ¯āĻĻāĻŋ āĻāĻ‡ āĻĢāĻžāĻ‡āĻ˛ āĻāĻŸāĻž āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋ āĻšā§Ÿ, āĻ†āĻĒā§āĻ¨āĻŋ restorecon -R '$TARGET_PATH' āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻŋ āĻŦāĻžā§°āĻ‚āĻŦāĻžā§° āĻĒā§āĻ¨ā§°āĻ‰āĻĻā§āĻ§āĻžā§° āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦāĨ¤ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ—ā§ā§°ā§āĻ¤ā§°āĻ­āĻžā§ąā§‡ āĻ¸āĻžāĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻšāĻŦ āĻĒāĻžā§°ā§‡! āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻ—ā§ā§°ā§āĻ¤ā§°āĻ­āĻžā§ąā§‡ āĻ¸āĻžāĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻšāĻŦ āĻĒāĻžā§°ā§‡! $SOURCE_PATH āĻ āĻ¨āĻŋāĻŽā§āĻ¨ āĻ•āĻžā§°āĻ¨ā§‡āĻ˛ āĻŽā§‡āĻŽā§°āĻŋ mmap āĻ•ā§°āĻžā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋāĻ›āĻŋāĻ˛āĨ¤ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ—ā§ā§°āĻ¤ā§°āĻ­āĻžā§ąā§‡ āĻ¸āĻžāĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻšāĻŦ āĻĒāĻžā§°ā§‡! $SOURCE_PATH āĻ āĻāĻŸāĻž āĻ•āĻžā§°āĻ¨ā§‡āĻ˛ āĻŽāĻĄāĻŋāĻ‰āĻ˛ āĻ˛'āĻĄ āĻ•ā§°āĻžā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋāĻ›āĻŋāĻ˛āĨ¤ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ—ā§ā§°ā§āĻ¤ā§°āĻ­āĻžā§ąā§‡ āĻ¸āĻžāĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻšāĻŦ āĻĒāĻžā§°ā§‡! $SOURCE_PATH āĻ SELinux āĻŦāĻ˛ā§ąā§ŽāĻ•ā§°āĻŖ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻžā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋāĻ›āĻŋāĻ˛āĨ¤ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ āĻ—ā§ā§°ā§āĻ¤ā§°āĻ­āĻžā§ąā§‡ āĻ¸āĻžāĻ˛ āĻ¸āĻžāĻ˛āĻ¨āĻŋ āĻšāĻŦ āĻĒāĻžā§°ā§‡! $SOURCE_PATH āĻ āĻ•āĻžā§°āĻ¨ā§‡āĻ˛ āĻ¸āĻ‚ā§°ā§‚āĻĒ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻžā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋāĻ›āĻŋāĻ˛āĨ¤ IPV6 āĻ¸āĻ āĻŋāĻ•āĻ­āĻžā§ąā§‡ āĻ…āĻ¸āĻžāĻŽā§°ā§āĻĨāĻŦāĻžāĻ¨ āĻ•ā§°āĻ•āĨ¤ āĻšā§Ÿ mozplluger āĻĒā§‡āĻ•ā§‡āĻ‡āĻœāĻ• 'yum remove mozplugger' āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ āĻ†āĻ¤ā§°āĻžāĻ“āĻ• āĻ…āĻĨāĻŦāĻž Firefox āĻĒā§āĻ˛āĻžāĻ—āĻŋāĻ¨āĻ¸āĻŽā§‚āĻšāĻ¤ SELinux enforcement āĻŦāĻ¨ā§āĻ§ āĻ•ā§°āĻ•āĨ¤ setsebool -P unconfined_mozilla_plugin_transition 0 āĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ āĻĒā§ā§°āĻ—ā§ā§°āĻžāĻŽāĻ• āĻĒā§ā§°āĻļā§āĻ¨āĻ¤ āĻšāĻ˛āĻžāĻŦāĻ˛ā§‡ āĻ¨āĻŋā§°ā§āĻ§āĻžā§°āĻ¨ āĻ•ā§°āĻŋāĻ›ā§‡ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻāĻ‡ āĻ•āĻžā§°ā§āĻ¯ā§āĻ¯āĻ• āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋā§ŸāĻžā§° āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ āĻšāĻŦ āĻ‡ā§ŸāĻžāĻ• āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻļāĻžā§°ā§€āĻ¤ āĻ•ā§°āĻŋāĻŦ āĻĒā§°āĻž āĻ¯āĻžāĻŦ āĻāĻ•ā§āĻ¸āĻŋāĻ•āĻŋāĻ‰āĻŸ āĻ•ā§°āĻŋ: # setsebool -P mmap_low_allowed 1 āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻŸāĻž %s āĻ¤ āĻāĻŸāĻž āĻ§ā§°āĻŖ āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋāĻ›ā§‡ āĻ¯āĻŋ āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛ āĻ§ā§°āĻŖ āĻ¨āĻšā§ŸāĨ¤ āĻ‡ā§ŸāĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ¨āĻžāĻ‡, āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻŸāĻž āĻĢāĻžāĻ‡āĻ˛ āĻ§ā§°āĻŖ āĻ§āĻžā§°ā§āĻ¯ā§āĻ¯ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ seinfo āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻŋ āĻ¸āĻ•āĻ˛ā§‹ āĻĢāĻžāĻ‡āĻ˛ āĻ§ā§°āĻŖ āĻ¤āĻžāĻ˛āĻŋāĻ•āĻžāĻ­ā§āĻ•ā§āĻ¤ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦāĨ¤ seinfo -afile_type -x "$BOOLEAN" āĻ†ā§°ā§ "$WRITE_BOOLEAN" āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨āĻ¸āĻŽā§‚āĻšāĻ• true āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻ˛ā§‡ āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§‹ā§ąāĻž āĻ¯āĻžāĻŦ: "setsebool -P $BOOLEAN=1 $WRITE_BOOLEAN=1". āĻ¸āĻ¤ā§°ā§āĻ•āĻŦāĻžā§°ā§āĻ¤āĻž: "$WRITE_BOOLEAN" āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨āĻ• true āĻ˛ā§‡ āĻ¸āĻ‚āĻšāĻ¤āĻŋ āĻ•ā§°āĻŋāĻ˛ā§‡ ftp āĻĄāĻŋāĻŽāĻ¨āĻ• āĻ¸āĻ•āĻ˛ā§‹ ā§°āĻžāĻœāĻšā§ā§ąāĻž āĻ¸āĻŽāĻ˛āĻ˛ā§‡ (āĻ§ā§°āĻŖ public_content_t ā§° āĻ¸ā§ˆāĻ¤ā§‡ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ†ā§°ā§ āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ¸āĻŽā§‚āĻš ) āĻ˛āĻŋāĻ–āĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋā§ŸāĻž āĻšāĻŦ CIFS āĻĢāĻžāĻ‡āĻ˛āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¸āĻŽā§‚āĻšāĻ¤ āĻĢāĻžāĻ‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ†ā§°ā§ āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ¸āĻŽā§‚āĻšāĻ˛ā§‡ āĻ˛āĻŋāĻ–āĻžā§° āĻ…āĻ¤āĻŋā§°āĻŋāĻ•ā§āĻ¤ā§‡āĨ¤ # semanage fcontext -a -t SIMILAR_TYPE '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH%s' # restorecon %s -v '$FIX_TARGET_PATH'# semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage port -a -t %s -p %s $PORT_NUMBER# semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER āĻ¯āĻ¤ PORT_TYPE āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻ–āĻŋāĻ¤ā§° āĻāĻŸāĻž: %sāĨ¤āĻāĻŸāĻž āĻĒā§ā§°āĻ•ā§ā§°āĻŋā§ŸāĻžā§Ÿ āĻšā§ŸāĻ¤ā§‹ āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽ āĻšā§‡āĻ• āĻ•ā§°āĻžā§° āĻšā§‡āĻˇā§āĻŸāĻž āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤net.ipv6.conf.all.disable_ipv6 = 1 āĻ• /etc/sysctl.conf āĻ˛ā§‡ āĻ¯ā§‹āĻ— āĻ•ā§°āĻ• āĻ†āĻĒā§‹āĻ¨āĻžā§° āĻ¸ā§ā§°āĻ•ā§āĻˇāĻž āĻĒā§ā§°āĻļāĻžāĻ¸āĻ•ā§° āĻ¸ā§ˆāĻ¤ā§‡ āĻ¯ā§‹āĻ—āĻžāĻ¯ā§‹āĻ— āĻ•ā§°āĻ• āĻ†ā§°ā§ āĻāĻ‡ āĻŦāĻŋāĻˇā§Ÿā§‡ āĻ¸ā§‚āĻšā§€āĻ¤ āĻ•ā§°āĻ•āĨ¤āĻĒā§āĻ¨ā§°ā§āĻĻā§āĻ§āĻžā§° āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻĒā§āĻ¨ā§°ā§āĻĻā§āĻ§āĻžā§° āĻ•ā§°āĻ•SELinux āĻ $SOURCE_PATH "$ACCESS" āĻ…āĻ­āĻŋāĻ—āĻŽ āĻĒā§ā§°āĻ¤āĻŋā§°ā§‹āĻ§ āĻ•ā§°āĻŋ āĻ†āĻ›ā§‡āĨ¤āĻŽā§‡āĻŽā§°āĻŋ āĻ¸ā§ā§°āĻ•ā§āĻˇāĻž āĻŦāĻ¨ā§āĻ§ āĻ•ā§°āĻ•āĻ…āĻ§āĻŋāĻ• āĻŦāĻŋā§ąā§°āĻŖā§° āĻŦāĻžāĻŦā§‡ āĻ†āĻĒā§āĻ¨āĻŋ '%s' man āĻĒā§ƒāĻˇā§āĻ āĻž āĻĒā§āĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤āĻ†āĻĒā§‹āĻ¨āĻžāĻ• āĻšā§ŸāĻ¤ā§‹ āĻšā§‡āĻ• āĻ•ā§°āĻž āĻšā§ˆāĻ›ā§‡āĨ¤āĻ†āĻĒā§āĻ¨āĻŋ '%s' āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨ āĻ¸āĻžāĻŽā§°ā§āĻĨāĻŦāĻžāĻ¨ āĻ•ā§°āĻŋ SELinux āĻ• āĻ‡ā§ŸāĻžā§° āĻŦāĻŋāĻˇā§Ÿā§‡ āĻ•āĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ $FIX_TARGET_PATH āĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĻ†āĻĒā§āĻ¨āĻŋ $TARGET_BASE_PATH ā§° āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĻ†āĻĒā§āĻ¨āĻŋ $TARGET_BASE_PATH to public_content_t āĻ…āĻĨāĻŦāĻž public_content_rw_t āĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ• $TARGET_BASE_PATH' āĻ¤ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĻ†āĻĒā§āĻ¨āĻŋ $TARGET_PATH ā§° āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ• āĻāĻŸāĻž āĻ¸āĻĻā§ƒāĻļ āĻ¯āĻ¨ā§āĻ¤ā§ā§°ā§° āĻ§ā§°āĻŖāĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ '$FIX_TARGET_PATH' āĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ'āĻ†āĻĒā§āĻ¨āĻŋ āĻ‡ā§ŸāĻžāĻ• āĻāĻŸāĻž āĻŦāĻžāĻ— āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻ¸āĻ‚āĻŦāĻžāĻĻ āĻĻāĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦāĻ˛ā§‡ āĻāĻŸāĻž āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āĻ¨ā§€āĻ¤āĻŋ āĻŽāĻĄāĻŋāĻ‰āĻ˛ āĻ¸ā§ƒāĻœāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻ‡ā§ŸāĻžāĻ• āĻāĻŸāĻž āĻŦāĻžāĻ— āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻ¸āĻ‚āĻŦāĻžāĻĻ āĻĻāĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽ āĻŦāĻŋāĻļā§āĻ˛ā§‡āĻˇāĻŖā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ¨āĻŋāĻĻāĻŋāĻŦāĻ˛ā§‡ āĻāĻŸāĻž āĻ¸ā§āĻĨāĻžāĻ¨ā§€ā§Ÿ āĻ¨ā§€āĻ¤āĻŋ āĻŽāĻĄāĻŋāĻ‰āĻ˛ āĻ¸ā§ƒāĻœāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°ā§‡āĨ¤execstack -c %sāĻ¯āĻĻāĻŋ āĻ†āĻĒā§āĻ¨āĻŋ āĻ­āĻžā§ąā§‡ āĻ†āĻĒā§‹āĻ¨āĻžāĻ• āĻšā§‡āĻ• āĻ•ā§°āĻž āĻšā§ˆāĻ›ā§‡setsebool -P %s %sāĻ¨āĻŋā§ŸāĻŽ āĻ¨āĻŽāĻ¨āĻž āĻĢāĻžāĻ‡āĻ˛ā§° āĻĒāĻĨ āĻ¤āĻĨā§āĻ¯ āĻĒā§ā§°āĻžāĻĒā§āĻ¤ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻ†ā§°ā§ āĻ¤ā§ā§°ā§āĻŸāĻŋāĻ• āĻ†āĻ•ā§Œ āĻ¸ā§ƒāĻœāĻ¨ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖ āĻ¸āĻŽā§āĻĒāĻžāĻĻāĻ¨ āĻ†ā§°āĻŽā§āĻ­ āĻ•ā§°āĻ•āĨ¤SELinux āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ā§° āĻŦāĻžāĻšāĻŋā§°ā§‡ āĻ¸āĻ•āĻ˛ā§‹ āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻŋāĻŦāĻ˛ā§‡ "cp -p" ā§° āĻ¨āĻŋāĻšāĻŋāĻ¨āĻž āĻāĻŸāĻž āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻ•āĨ¤āĻ†āĻĒā§āĻ¨āĻŋ restorecon āĻšāĻ˛āĻžāĻŦ āĻĒāĻžā§°āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻœāĻ¨ āĻšā§‡āĻ•āĻžā§° āĻĻā§āĻŦāĻžā§°āĻž āĻ†āĻ•ā§ā§°āĻŽāĻŖā§° āĻ¸āĻ¨ā§āĻŽā§āĻ–āĻŋāĻ¨ āĻšāĻŦ āĻĒāĻžā§°ā§‡, āĻ¯āĻŋāĻšā§‡āĻ¤ā§ āĻ—ā§‹āĻĒāĻŖ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨āĻ¸āĻŽā§‚āĻšā§° āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻ•ā§‡āĻ¤āĻŋā§ŸāĻžāĻ“ āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ āĻ¨āĻšā§ŸāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻœāĻ¨ āĻšā§‡āĻ•āĻžā§° āĻĻā§āĻŦāĻžā§°āĻž āĻ†āĻ•ā§ā§°āĻŽāĻŖā§° āĻ¸āĻ¨ā§āĻŽā§āĻ–āĻŋāĻ¨ āĻšāĻŦ āĻĒāĻžā§°ā§‡, āĻ¯āĻŋāĻšā§‡āĻ¤ā§ āĻ—ā§‹āĻĒāĻŖ āĻāĻĒā§āĻ˛āĻŋāĻ•ā§‡āĻšāĻ¨āĻ¸āĻŽā§‚āĻšā§° āĻāĻ‡ āĻ…āĻ­āĻŋāĻ—āĻŽā§° āĻĒā§ā§°ā§Ÿā§‹āĻœāĻ¨ āĻ¨āĻšā§ŸāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻœāĻ¨ āĻšā§‡āĻ•āĻžā§° āĻĻā§āĻŦāĻžā§°āĻž āĻ†āĻ•ā§ā§°āĻŽāĻŖā§° āĻ¸āĻ¨ā§āĻŽā§āĻ–āĻŋāĻ¨ āĻšāĻŦ āĻĒāĻžā§°ā§‡, āĻ‡ āĻāĻŸāĻž āĻ…āĻ¤āĻŋ āĻŦāĻŋāĻĒāĻĻāĻœāĻ¨āĻ• āĻ…āĻ­āĻŋāĻ—āĻŽāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ $TARGET_PATH āĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛āĻŋāĻ‚ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ āĻŋāĻ• āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ cert āĻĢāĻžāĻ‡āĻ˛āĻ• ~/.cert āĻĄāĻžāĻ‡ā§°ā§‡āĻ•āĻŸā§°āĻŋāĻ˛ā§‡ āĻ¸ā§āĻĨāĻžāĻ¨āĻžāĻ¨ā§āĻ¤ā§° āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĻ†āĻĒā§āĻ¨āĻŋ āĻāĻŸāĻž āĻŦā§ˆāĻ§ āĻĢāĻžāĻ‡āĻ˛ āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻŦāĻžāĻ›āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ mozplugger āĻĒā§‡āĻ•ā§‡āĻ‡āĻœ āĻ†āĻ¤ā§°āĻžāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ‡ā§ŸāĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻŦāĻ˛ā§‡ āĻ†āĻĒā§āĻ¨āĻŋ SELinux āĻ¸āĻ‚āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĻ†āĻĒā§āĻ¨āĻŋ SELinux āĻ• āĻ‡ā§ŸāĻžā§° āĻŦāĻŋāĻˇā§Ÿā§‡ āĻ¸ā§‚āĻšā§€āĻ¤ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—ā§‡āĻ†āĻĒā§āĻ¨āĻŋ SELinux ā§° āĻ‡ā§ŸāĻžā§° āĻŦāĻŋāĻˇā§Ÿā§‡ 'httpd_unified' āĻ†ā§°ā§ 'http_enable_cgi' āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨āĻ¸āĻŽā§‚āĻš āĻ¸āĻžāĻŽā§°ā§āĻĨāĻŦāĻžāĻ¨ āĻ•ā§°āĻŋ āĻ•āĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĻ†āĻĒā§āĻ¨āĻŋ vbetool_mmap_zero_ignore āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨ āĻ¸āĻžāĻŽā§°ā§āĻĨāĻŦāĻžāĻ¨ āĻ•ā§°āĻŋ SELinux āĻ• āĻ‡ā§ŸāĻžā§° āĻŦāĻŋāĻˇā§Ÿā§‡ āĻ•āĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ SELinux āĻ• āĻ‡ā§ŸāĻžā§° āĻŦāĻŋāĻˇā§Ÿā§‡ wine_mmap_zero_ignore āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨ āĻ¸āĻžāĻŽā§°ā§āĻĨāĻŦāĻžāĻ¨ āĻ•ā§°āĻŋ āĻ•āĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ Chrome āĻĒā§āĻ˛āĻžāĻ—āĻŋāĻ¨āĻ¸āĻŽā§‚āĻšāĻ¤ SELinux āĻ¨āĻŋā§ŸāĻ¨ā§āĻ¤ā§ā§°āĻŖāĻ¸āĻŽā§‚āĻš āĻŦāĻ¨ā§āĻ§ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ Firefox āĻĒā§āĻ˛āĻžāĻ—āĻŋāĻ¨āĻ¸āĻŽā§‚āĻšāĻ¤ SELinux āĻ¨āĻŋā§ŸāĻ¨ā§āĻ¤ā§ā§°āĻ¨āĻ¸āĻŽā§‚āĻš āĻŦāĻ¨ā§āĻ§ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻ‡ā§ŸāĻžāĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ¸āĻŽā§‚āĻš āĻ¯ā§‹āĻ— āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ $TARGET_PATH āĻ¤ āĻ˛ā§‡āĻŦā§‡āĻ˛āĻ• public_content_rw_t āĻ˛ā§‡ āĻ¸āĻ˛āĻ¨āĻŋ āĻ•ā§°āĻŋāĻŦ, āĻ†ā§°ā§ āĻŦāĻŋāĻ­ā§ąā§€ā§ŸāĻ­āĻžā§ąā§‡ allow_httpd_sys_script_anon_write āĻŦā§āĻ˛āĻŋā§ŸāĻžāĻ¨ āĻ…āĻ¨ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻ¸āĻŽā§āĻĒā§‚ā§°ā§āĻŖāĻ­āĻžā§ąā§‡ āĻĒā§āĻ¨ā§° āĻ˛ā§‡āĻŦā§‡āĻ˛ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻŸāĻž āĻŦāĻžāĻ— āĻœāĻŽāĻž āĻĻāĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ‡ āĻŦāĻŋāĻ­ā§ąā§€ā§ŸāĻ­āĻžā§ąā§‡ āĻŦāĻŋāĻĒāĻĻāĻœāĻ¨āĻ• āĻ…āĻ­āĻŋāĻ—āĻŽāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ āĻāĻŸāĻž āĻŦāĻžāĻ— āĻœāĻŽāĻž āĻĻāĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ‡ āĻŦāĻŋāĻ­ā§ąā§€ā§ŸāĻ­āĻžā§ąā§‡ āĻŦāĻŋāĻĒāĻĻāĻœāĻ¨āĻ• āĻ…āĻ­āĻŋāĻ—āĻŽāĨ¤āĻ†āĻĒā§āĻ¨āĻŋ /proc/sys/net/ipv6/conf/all/disable_ipv6 to āĻ• 1 āĻ˛ā§‡ āĻ¸āĻ‚āĻšāĻ¤āĻŋ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦ āĻ†ā§°ā§ āĻŽāĻĄāĻŋāĻ‰āĻ˛āĻ• āĻŦā§āĻ˛ā§‡āĻ•āĻ˛āĻŋāĻ¸ā§āĻŸ āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĻ†āĻĒā§āĻ¨āĻŋ āĻāĻŸāĻž āĻŦā§‡āĻ˛ā§‡āĻ— āĻ•āĻŽāĻžāĻ¨ā§āĻĄ āĻŦā§āĻ¯ā§ąāĻšāĻžā§° āĻ•ā§°āĻŋāĻŦ āĻ˛āĻžāĻ—āĻŋāĻŦāĨ¤ āĻ†āĻĒā§‹āĻ¨āĻžāĻ• āĻ˛āĻ•ā§āĻˇā§āĻ¯ āĻĢāĻžāĻ‡āĻ˛āĻšāĻŋāĻ¸ā§āĻŸā§‡āĻŽāĻ¤ SELinux āĻĒā§°āĻŋāĻĒā§ā§°ā§‡āĻ•ā§āĻˇāĻ¤āĻŋāĻ¤ āĻ¸āĻ‚ā§°āĻ•ā§āĻˇāĻŖ āĻ•ā§°āĻžā§° āĻ…āĻ¨ā§āĻŽāĻ¤āĻŋ āĻ¨āĻžāĻ‡āĨ¤āĻ†āĻĒā§āĻ¨āĻŋ execstack āĻĢā§āĻ˛ā§‡āĻ— āĻĒā§°āĻŋāĻˇā§āĻ•āĻžā§° āĻ•ā§°āĻŋ āĻšāĻžāĻŦ āĻ˛āĻžāĻ—ā§‡ āĻ¯āĻĻāĻŋ $SOURCE_PATH āĻ¸āĻ āĻŋāĻ•āĻ­āĻžā§ąā§‡ āĻ•āĻžā§°ā§āĻ¯ā§āĻ¯ āĻ•ā§°ā§‡āĨ¤ āĻ‡ā§ŸāĻžāĻ• %s āĻ¤ āĻāĻŸāĻž āĻŦāĻžāĻ— āĻšāĻŋāĻšāĻžāĻĒā§‡ āĻ¸āĻ‚āĻŦāĻžāĻĻ āĻ•ā§°āĻ•āĨ¤ āĻ†āĻĒā§āĻ¨āĻŋ exestack āĻĢā§āĻ˛ā§‡āĻ—āĻ• āĻĒā§°āĻŋāĻˇā§āĻ•āĻžā§° āĻ•ā§°āĻŋāĻŦ āĻĒāĻžā§°āĻŋāĻŦ āĻĒā§ā§°ā§‡ā§°āĻŖ āĻ•ā§°āĻŋ: