{"id":36439,"date":"2023-11-17T21:37:26","date_gmt":"2023-07-08T06:57:43","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/"},"modified":"2024-05-04T09:35:12","modified_gmt":"2024-05-04T01:35:12","slug":"%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/","title":{"rendered":"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528"},"content":{"rendered":"

\u8fd9\u662f\u7eed\u96c6<\/h1>\n

\u8bf7\u4f7f\u7528SELinux\u3002\u4f7f\u7528\u5427\u3002\u7531\u4e8e\u57282016\u5e74\u7684Linux Advent Calendar 2016\u4e0a\u53d1\u5e03\u4e86\u8fd9\u4e2a\u6d88\u606f\u540e\uff0c\u4e8b\u60c5\u53d8\u5f97\u5f88\u5927\uff0c\u6240\u4ee5\u6211\u51b3\u5b9a\u5199\u7eed\u7bc7\u3002<\/p>\n

\u8fd9\u6b21\u7684\u4e3b\u9898<\/h1>\n

\u6211\u4eec\u5c06\u5728\u542f\u7528SELinux\u73af\u5883\u548c\u7981\u7528SELinux\u73af\u5883\u4e0b\uff0c\u4f7f\u7528Apache\u8fd0\u884cCGI\u6765\u89c2\u5bdf\u5d4c\u5165\u540e\u95e8\u7684\u884c\u4e3a\u5dee\u5f02\u3002<\/p>\n

\u73af\u5883<\/h1>\n

\u64cd\u4f5c\u7cfb\u7edf: CentOS 7.3.1611
\nSELinux: \u76ee\u6807\u6a21\u5f0f<\/p>\n

\u4f7f\u7528 CGI<\/h1>\n

\u4e3a\u4e86\u8282\u7701\u9ebb\u70e6\uff0c\u6211\u4f7f\u7528 ncat\u3002
\n\u5f53 CGI \u6267\u884c\u65f6\uff0c\u5b83\u4f1a\u6253\u5f00 0.0.0.0:9000 \u5e76\u7b49\u5f85\u8fde\u63a5\u3002
\n\u5bf9\u4e8e CentOS\uff0c\u7531\u4e8e Apache \u7684\u5de5\u4f5c\u8fdb\u7a0b\u5728 apache \u7528\u6237\u4e0b\u8fd0\u884c\uff0c\u56e0\u6b64\u65e0\u6cd5\u6253\u5f00 Well-known Ports\uff0c\u6240\u4ee5\u6211\u9009\u62e9\u4e86\u4e00\u4e2a\u9002\u5f53\u7684\u7aef\u53e3\u3002
\n\u540c\u65f6\uff0c\u6211\u5c06\u5176\u6ce8\u518c\u4e3a HTTP \u7aef\u53e3\u3002\uff08\u56e0\u4e3a\u5982\u679c\u4f7f\u7528\u5b8c\u5168\u4e0d\u76f8\u5173\u7684\u7aef\u53e3\uff0c\u663e\u7136\u4f1a\u88ab\u963b\u6b62\uff0c\u8fd9\u6837\u5c31\u4e0d\u6709\u8da3\u4e86\uff09<\/p>\n

# semanage port -l | grep 9000\r\nhttp_port_t   tcp    80, 81, 443, 488, 8008, 8009, 8443, 9000\r\n<\/code><\/pre>\n
#!\/bin\/sh\r\necho \"content-type: text\/plain\"\r\necho \"\"\r\n\r\nnc 0.0.0.0 -l 9000 &\r\n<\/code><\/pre>\n
\u8ba9\u6211\u4eec\u8bd5\u8bd5\u770b<\/h1>\n
\u5982\u679c\u7981\u7528\u4e86SELinux\u6216\u8005\u8bbe\u7f6e\u4e3aPermissive\u6a21\u5f0f\u7684\u60c5\u51b5\u4e0b<\/h2>\n
\u9996\u5148\uff0c\u8bbf\u95eeCGI\u3002\u7531\u4e8e\u6ca1\u6709\u8fd4\u56de\u5185\u5bb9\uff0c\u6211\u4eec\u5c06\u5176\u963b\u585e\u3002<\/p>\n
$ curl localhost\/cgi-bin\/nc.sh\r\n<<< \u3053\u3053\u3067\u30d6\u30ed\u30c3\u30af\u3059\u308b >>>\r\n<\/code><\/pre>\n
\u7136\u540e\uff0cnc\u4f1a\u6253\u5f00\u5e76\u7b49\u5f859000\/tcp\u7aef\u53e3\u3002<\/p>\n
# ss -atnp\r\nState      Recv-Q Send-Q     Local Address:Port      Peer Address:Port\r\nLISTEN     0      128                    *:111                  *:*          users:((\"systemd\",pid=1,fd=40))\r\nLISTEN     0      5          192.168.122.1:53                   *:*          users:((\"dnsmasq\",pid=1343,fd=6))\r\nLISTEN     0      128                    *:22                   *:*          users:((\"sshd\",pid=1166,fd=3))\r\nLISTEN     0      128            127.0.0.1:631                  *:*          users:((\"cupsd\",pid=1144,fd=12))\r\nLISTEN     0      100            127.0.0.1:25                   *:*          users:((\"master\",pid=1291,fd=13))\r\nLISTEN     0      10                     *:9000                 *:*          users:((\"nc\",pid=2082,fd=3))\r\nESTAB      0      0          192.168.0.111:22         192.168.0.2:55270      users:((\"sshd\",pid=1953,fd=3),(\"sshd\",pid=1949,fd=3))\r\nESTAB      0      52         192.168.0.111:22         192.168.0.2:54375      users:((\"sshd\",pid=1452,fd=3),(\"sshd\",pid=1447,fd=3))\r\nLISTEN     0      128                   :::111                 :::*          users:((\"systemd\",pid=1,fd=39))\r\nLISTEN     0      128                   :::80                  :::*          users:((\"httpd\",pid=1902,fd=4),(\"httpd\",pid=1901,fd=4),(\"httpd\",pid=1900,fd=4),(\"httpd\",pid=1873,fd=4),(\"httpd\",pid=1870,fd=4),(\"httpd\",pid=1869,fd=4),(\"httpd\",pid=1868,fd=4),(\"httpd\",pid=1867,fd=4),(\"httpd\",pid=1866,fd=4),(\"httpd\",pid=1865,fd=4))\r\nLISTEN     0      128                   :::22                  :::*          users:((\"sshd\",pid=1166,fd=4))\r\nLISTEN     0      128                  ::1:631                 :::*          users:((\"cupsd\",pid=1144,fd=11))\r\nLISTEN     0      100                  ::1:25                  :::*          users:((\"master\",pid=1291,fd=14))\r\nESTAB      0      0                    ::1:80                 ::1:34120      users:((\"httpd\",pid=1869,fd=9))\r\nESTAB      0      0                    ::1:34120              ::1:80         users:((\"curl\",pid=2079,fd=3))\r\n<\/code><\/pre>\n
\u6211\u4f1a\u4ece\u53e6\u4e00\u4e2a\u7ec8\u7aef\u5411\u8fd9\u91cc\u53d1\u9001\u4e00\u6761\u6d88\u606f\u3002<\/p>\n
$ nc localhost 9000\r\nhogehoge\r\nfoobar\r\nfoobarbaz\r\n<<<Ctrl-D>>>\r\n<\/code><\/pre>\n
\u5f53\u6211\u5728 nc \u4e2d\u53d1\u9001\u6587\u5b57\u65f6\uff0c\u4e4b\u524d\u88ab\u5c01\u9501\uff08\u901a\u8fc7 curl\uff09\u7684\u7ec8\u7aef\u4f1a\u663e\u793a\u7ec8\u7aef 3 \u53d1\u9001\u7684\u6d88\u606f\u3002<\/p>\n
$ curl localhost\/cgi-bin\/nc.sh\r\nhogehoge\r\nfoobar\r\nfoobarbaz\r\n<\/code><\/pre>\n
\u53d1\u751f\u4e86\u4ec0\u4e48\u4e8b\u60c5\uff1f<\/h2>\n
\u5f53\u6267\u884cCGI\u65f6\uff0cnc\u4f1a\u6253\u5f000.0.0.0:9000\u5e76\u7b49\u5f85\u3002\u4ece\u5176\u4ed6\u7ec8\u7aef\u53d1\u9001\u4efb\u610f\u5b57\u7b26\u4e32\u5230\u8fd9\u4e2a\u5730\u5740\uff0c\u53ef\u4ee5\u5c06\u5b57\u7b26\u4e32\u53d1\u9001\u5230\u5ba2\u6237\u7aef\u3002<\/p>\n
\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d\uff0c\u6211\u4eec\u53ea\u662f\u53d1\u9001\u4e86\u4e00\u4e2a\u5b57\u7b26\u4e32\uff0c\u4f46\u662f\u771f\u6b63\u7684\u95ee\u9898\u662f<\/p>\n
    \n
  • \n
      \u4efb\u610f\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3067\u304d\u3066\u3057\u307e\u3046<\/ul>\n<\/li>\n<\/ul>\n
       <\/p>\n
        \u5834\u5408\u306b\u3088\u3063\u3066\u306f\u4efb\u610f\u306e\u30dd\u30fc\u30c8\u3092\u958b\u304f\u3053\u3068\u304c\u3067\u304d\u3066\u3057\u307e\u3046<\/ul>\n
        \u8fd9\u662f\u6307\u7684\u3002 (Zh\u00e8 sh\u00ec zh\u01d0 de.)<\/p>\n
        \u8ba9\u6211\u4eec\u5c06SELinux\u5207\u6362\u5230Enforce\u6a21\u5f0f\u3002<\/h2>\n
        \u9996\u5148\u8981\u8bbf\u95ee CGI\u3002
        \n\u8fd9\u6b21\u4e0d\u4f1a\u8fd4\u56de\u4efb\u4f55\u5185\u5bb9\uff0c\u4e5f\u4e0d\u4f1a\u963b\u585e\u3002<\/p>\n
        $ curl localhost\/cgi-bin\/nc.sh\r\n$ \r\n<\/code><\/pre>\n
        nc \u662f\u4ec0\u4e48\uff1f<\/p>\n
        # ss -atnp\r\nState      Recv-Q Send-Q    Local Address:Port       Peer Address:Port\r\nLISTEN     0      128                   *:111                   *:*          users:((\"systemd\",pid=1,fd=40))\r\nLISTEN     0      5         192.168.122.1:53                    *:*          users:((\"dnsmasq\",pid=1343,fd=6))\r\nLISTEN     0      128                   *:22                    *:*          users:((\"sshd\",pid=1166,fd=3))\r\nLISTEN     0      128           127.0.0.1:631                   *:*          users:((\"cupsd\",pid=1144,fd=12))\r\nLISTEN     0      100           127.0.0.1:25                    *:*          users:((\"master\",pid=1291,fd=13))\r\nESTAB      0      0         192.168.0.111:22          192.168.0.2:55270      users:((\"sshd\",pid=1953,fd=3),(\"sshd\",pid=1949,fd=3))\r\nESTAB      0      0         192.168.0.111:22          192.168.0.2:54375      users:((\"sshd\",pid=1452,fd=3),(\"sshd\",pid=1447,fd=3))\r\nLISTEN     0      128                  :::111                  :::*          users:((\"systemd\",pid=1,fd=39))\r\nLISTEN     0      128                  :::80                   :::*          users:((\"httpd\",pid=1902,fd=4),(\"httpd\",pid=1901,fd=4),(\"httpd\",pid=1900,fd=4),(\"httpd\",pid=1873,fd=4),(\"httpd\",pid=1870,fd=4),(\"httpd\",pid=1869,fd=4),(\"httpd\",pid=1868,fd=4),(\"httpd\",pid=1867,fd=4),(\"httpd\",pid=1866,fd=4),(\"httpd\",pid=1865,fd=4))\r\nLISTEN     0      128                  :::22                   :::*          users:((\"sshd\",pid=1166,fd=4))\r\nLISTEN     0      128                 ::1:631                  :::*          users:((\"cupsd\",pid=1144,fd=11))\r\nLISTEN     0      100                 ::1:25                   :::*          users:((\"master\",pid=1291,fd=14))\r\n\r\n# ss -atnp | grep nc\r\n<\/code><\/pre>\n
        \u6211\u4e0d\u5728\u3002<\/p>\n
        \u8ba9\u6211\u4eec\u6765\u770b\u4e00\u4e0b Apache \u7684\u65e5\u5fd7\u3002<\/p>\n
        [Sun Jan 08 11:30:30.374900 2017] [cgi:error] [pid 1867] [client ::1:34144] AH01215: Ncat: bind to 0.0.0.0:9000: Permission denied. QUITTING.\r\n<\/code><\/pre>\n
        nc \u88ab\u62d2\u7edd\u8bb8\u53ef\u3002\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u6765\u67e5\u770b\u5ba1\u8ba1\u65e5\u5fd7\u3002<\/p>\n
        # ausearch -m avc\r\n...\uff08\u7565\uff09... \r\ntime->Sun Jan  8 11:30:30 2017\r\ntype=SYSCALL msg=audit(1483842630.373:431): arch=c000003e syscall=49 success=no exit=-13 a0=3 a1=658c60 a2=80 a3=7ffddcbf3e10 items=0 ppid=1 pid=31418 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=\"nc\" exe=\"\/usr\/bin\/ncat\" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)\r\ntype=AVC msg=audit(1483842630.373:431): avc:  denied  { name_bind } for  pid=31418 comm=\"nc\" src=9000 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket\r\n<\/code><\/pre>\n
        \u56e0\u4e3a\u4e00\u4e2a\u540d\u4e3asystem_u\u7684\u8fdb\u7a0b\u8bd5\u56fe\u5728http_port_t\u76849000\/tcp\u4e0a\u7ed1\u5b9anc\uff0c\u6240\u4ee5\u88ab\u62d2\u7edd\u4e86\uff0c\u5e76\u5728\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u8bb0\u5f55\u4e0b\u6765\u3002<\/p>\n
        \u4e3a\u4ec0\u4e48\uff1f<\/h1>\n
        \u9996\u5148\u6211\u4eec\u6765\u770b\u4e00\u4e0b\u6267\u884c\u7684CGI\u4e0a\u4e0b\u6587\u3002
        \nCGI\u7684\u6267\u884c\u9700\u8981httpd_sys_script_exec_t\uff0c\u6b63\u5982\u4e4b\u524d\u6240\u8bf4\uff0cCGI\u672c\u8eab\u53ef\u4ee5\u6b63\u5e38\u8fd0\u884c\uff0c\u6240\u4ee5\u6587\u4ef6\u4e0a\u4e0b\u6587\u4e5f\u6b63\u786e\u9644\u52a0\u3002
        \n\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u4e5f\u6709\u8fd9\u4e2a\u4e0a\u4e0b\u6587\u7684\u8fdd\u89c4\u8bb0\u5f55\uff0c\u6240\u4ee5\u6ca1\u6709\u9519\u8bef\u3002<\/p>\n
        # ls -Z \/var\/www\/cgi-bin\/\r\n-rwxr-xr-x. root root unconfined_u:object_r:httpd_sys_script_exec_t:s0 nc.sh\r\n<\/code><\/pre>\n
        \u63a5\u4e0b\u6765\u6211\u4eec\u6765\u770b\u4e00\u4e0b SELinux \u7684\u8bbe\u7f6e\u3002
        \n\u4e3a\u4e86\u5c06\u7aef\u53e3\u7ed1\u5b9a\u5e76\u6253\u5f00\uff0c\u5fc5\u987b\u5141\u8bb8 name_bind\u3002<\/p>\n
        \u6211\u4eec\u6765\u67e5\u770bhttpd_sys_script_exec_t\u662f\u5426\u53ef\u4ee5\u5728name_bind\u6743\u9650\u4e0b\u7ed1\u5b9ahttp_port_t\u3002<\/p>\n
        # sesearch --allow -s httpd_sys_script_t | grep http_port_t\r\n# \r\n<\/code><\/pre>\n
        \u6ca1\u6709\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c\u3002
        \n\u90a3\u4e48\uff0c\u80fd\u8fdb\u884cname_bind\u7684\u7aef\u53e3\u662f\u4ec0\u4e48\u6837\u7684\u5462\uff1f<\/p>\n
        # sesearch --allow -s httpd_sys_script_t | grep name_bind\r\n   allow httpd_script_type ephemeral_port_t : udp_socket name_bind ;\r\n   allow nsswitch_domain port_t : udp_socket name_bind ;\r\n   allow httpd_script_type port_t : udp_socket name_bind ;\r\n   allow nsswitch_domain port_t : tcp_socket name_bind ;\r\n   allow nsswitch_domain ephemeral_port_t : udp_socket name_bind ;\r\n   allow httpd_script_type port_t : tcp_socket name_bind ;\r\n   allow nsswitch_domain unreserved_port_t : udp_socket name_bind ;\r\n   allow nsswitch_domain ephemeral_port_t : tcp_socket name_bind ;\r\n   allow httpd_script_type unreserved_port_t : udp_socket name_bind ;\r\n   allow httpd_script_type ephemeral_port_t : tcp_socket name_bind ;\r\n   allow nsswitch_domain unreserved_port_t : tcp_socket name_bind ;\r\n   allow httpd_script_type unreserved_port_t : tcp_socket name_bind ;\r\n<\/code><\/pre>\n
        \u6bd4\u5982\u4f5c\u4e3a\u5ba2\u6237\u7aef\uff0c\u53ef\u4ee5\u6253\u5f00\u4e34\u65f6\u7aef\u53e3\uff0832768-61000\uff09\u3002
        \n\u65e0\u6cd5\u81ea\u884c\u6253\u5f00\u7528\u4e8e\u670d\u52a1\u7684\u7aef\u53e3\u3002<\/p>\n
        \u56e0\u6b64\uff0c\u5728\u6b63\u786e\u914d\u7f6e SELinux \u7684\u60c5\u51b5\u4e0b\uff0c\u65e0\u6cd5\u975e\u6cd5\u5730\u6253\u5f00\u7aef\u53e3\u3002<\/p>\n
        \u987a\u4fbf\u8bf4\u4e00\u4e0b\uff0cApache \u662f\u5982\u4f55\u6253\u5f00 WKP \u7684 80\/tcp \u7aef\u53e3\u7684\u5462…<\/p>\n
        # ps xafZ | grep httpd | grep -v grep\r\nsystem_u:system_r:httpd_t:s0      1865 ?        Ss     0:00 \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1866 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1867 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1868 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1869 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1870 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1873 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1900 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1901 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\nsystem_u:system_r:httpd_t:s0      1902 ?        S      0:00  \\_ \/usr\/sbin\/httpd -DFOREGROUND\r\n\r\n# sesearch --allow -s httpd_t -t http_port_t\r\nFound 11 semantic av rules:\r\n   allow httpd_t port_type : tcp_socket { recv_msg send_msg } ;\r\n   allow httpd_t port_type : udp_socket { recv_msg send_msg } ;\r\n   allow httpd_t http_port_t : udp_socket name_bind ;\r\n   allow httpd_t http_port_t : tcp_socket name_bind ;\r\n   allow httpd_t port_type : tcp_socket name_connect ;\r\n   allow nsswitch_domain port_type : udp_socket recv_msg ;\r\n   allow nsswitch_domain port_type : udp_socket send_msg ;\r\n   allow nsswitch_domain port_type : tcp_socket { recv_msg send_msg } ;\r\n   allow httpd_t http_port_t : tcp_socket name_connect ;\r\n   allow httpd_t http_port_t : tcp_socket name_connect ;\r\n   allow nsswitch_domain reserved_port_type : tcp_socket name_connect ;\r\n<\/code><\/pre>\n
        \u5982\u4e0a\u6240\u8ff0\uff0chttpd_t\u4e0a\u4e0b\u6587\u5141\u8bb8\u6253\u5f00http_port_t\u7aef\u53e3\u3002<\/p>\n
        \u6700\u540e<\/h1>\n
        \u672c\u6b21\u6211\u4eec\u6545\u610f\u6267\u884c\u4e86\u672a\u5728\u7b56\u7565\u4e2d\u5b9a\u4e49\u7684\u975e\u6cd5\u884c\u4e3a\uff0c\u5e76\u89c2\u5bdf\u4e86\u7ed3\u679c\u3002
        \n\u5f53\u7136\uff0c\u5982\u679c\u9700\u8981\u8fd9\u6837\u7684\u64cd\u4f5c\uff0c\u53ef\u4ee5\u81ea\u884c\u5b9a\u4e49\u7aef\u53e3\u5e76\u4e3aSELinux\u5b9a\u4e49\u7b56\u7565\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u8fd0\u884c\u3002<\/p>\n
        \u6211\u4eec\u4e0b\u6b21\u5199\u4e00\u4e0b\u6b65\u9aa4\u5427…<\/p>\n","protected":false},"excerpt":{"rendered":"
        \u8fd9\u662f\u7eed\u96c6 \u8bf7\u4f7f\u7528SELinux\u3002\u4f7f\u7528\u5427\u3002\u7531\u4e8e\u57282016\u5e74\u7684Linux Advent Calendar 2016 […]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36439","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u9610\u8ff0-selinux-\u5728-apache-\u4e2d\u7684\u4f5c\u7528\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528\" \/>\n<meta property=\"og:description\" content=\"\u8fd9\u662f\u7eed\u96c6 \u8bf7\u4f7f\u7528SELinux\u3002\u4f7f\u7528\u5427\u3002\u7531\u4e8e\u57282016\u5e74\u7684Linux Advent Calendar 2016 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u9610\u8ff0-selinux-\u5728-apache-\u4e2d\u7684\u4f5c\u7528\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-08T06:57:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-04T01:35:12+00:00\" \/>\n<meta name=\"author\" content=\"\u6587, \u7fd4\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6587, \u7fd4\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/\",\"name\":\"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-07-08T06:57:43+00:00\",\"dateModified\":\"2024-05-04T01:35:12+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\",\"name\":\"\u6587, \u7fd4\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"caption\":\"\u6587, \u7fd4\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u9610\u8ff0-selinux-\u5728-apache-\u4e2d\u7684\u4f5c\u7528\/","og_locale":"zh_CN","og_type":"article","og_title":"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528","og_description":"\u8fd9\u662f\u7eed\u96c6 \u8bf7\u4f7f\u7528SELinux\u3002\u4f7f\u7528\u5427\u3002\u7531\u4e8e\u57282016\u5e74\u7684Linux Advent Calendar 2016 […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u9610\u8ff0-selinux-\u5728-apache-\u4e2d\u7684\u4f5c\u7528\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-07-08T06:57:43+00:00","article_modified_time":"2024-05-04T01:35:12+00:00","author":"\u6587, \u7fd4","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6587, \u7fd4","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/","name":"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-07-08T06:57:43+00:00","dateModified":"2024-05-04T01:35:12+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u9610\u8ff0 SELinux \u5728 Apache \u4e2d\u7684\u4f5c\u7528"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c","name":"\u6587, \u7fd4","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","caption":"\u6587, \u7fd4"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%98%90%e8%bf%b0-selinux-%e5%9c%a8-apache-%e4%b8%ad%e7%9a%84%e4%bd%9c%e7%94%a8\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=36439"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36439\/revisions"}],"predecessor-version":[{"id":97536,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36439\/revisions\/97536"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=36439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=36439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=36439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}