Enviar pesquisa
Carregar
SELinux workshop
•
0 gostou
•
68 visualizações
J
johseg
Seguir
SELinux workshop for openSUSE conference
Leia menos
Leia mais
Tecnologia
Vista de apresentação de diapositivos
Denunciar
Compartilhar
Vista de apresentação de diapositivos
Denunciar
Compartilhar
1 de 31
Baixar agora
Baixar para ler offline
Recomendados
Linux booting process - Linux System Administration
Linux booting process - Linux System Administration
Sreenatha Reddy K R
RPM (LINUX)
RPM (LINUX)
Raghu nath
RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)
skalaivanibutp
CNIT 124 Ch 13: Post Exploitation (Part 1)
CNIT 124 Ch 13: Post Exploitation (Part 1)
Sam Bowne
An Introduction to Linux
An Introduction to Linux
anandvaidya
Attacking Windows NDIS Drivers
Attacking Windows NDIS Drivers
Kique Nissim
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
systemd
systemd
nussbauml
Recomendados
Linux booting process - Linux System Administration
Linux booting process - Linux System Administration
Sreenatha Reddy K R
RPM (LINUX)
RPM (LINUX)
Raghu nath
RPM (Red Hat Package Manager)
RPM (Red Hat Package Manager)
skalaivanibutp
CNIT 124 Ch 13: Post Exploitation (Part 1)
CNIT 124 Ch 13: Post Exploitation (Part 1)
Sam Bowne
An Introduction to Linux
An Introduction to Linux
anandvaidya
Attacking Windows NDIS Drivers
Attacking Windows NDIS Drivers
Kique Nissim
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
systemd
systemd
nussbauml
Unix Introduction
Unix Introduction
Ananthi
Linux file system
Linux file system
Md. Tanvir Hossain
The Forefront of the Development for NVDIMM on Linux Kernel (Linux Plumbers c...
The Forefront of the Development for NVDIMM on Linux Kernel (Linux Plumbers c...
Yasunori Goto
Linux Kernel Tour
Linux Kernel Tour
samrat das
100+ run commands for windows
100+ run commands for windows
Anand Garg
linux kernel overview 2013
linux kernel overview 2013
Rohit Pratap Singh
Device tree support on arm linux
Device tree support on arm linux
Chih-Min Chao
File System Modules
File System Modules
Anil Kumar Pugalia
Linus Torvalds
Linus Torvalds
CullenCairns
History of linux
History of linux
Shiwang Kalkhanda
Property-Based TPM Virtualization
Property-Based TPM Virtualization
Marcel Winandy
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
Stefano Stabellini
Cat database
Cat database
tubbeles
Tim berners Lee - Text
Tim berners Lee - Text
SebastianWeidner1
Linux kernel
Linux kernel
Goutam Sahoo
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
Linaro
Introduction to Computer System-ppt.pptx
Introduction to Computer System-ppt.pptx
InfofarazMotivativeA
[CB16] DeathNote of Microsoft Windows Kernel by Peter Hlavaty & Jin Long
[CB16] DeathNote of Microsoft Windows Kernel by Peter Hlavaty & Jin Long
CODE BLUE
Linux file system
Linux file system
Midaga Mengistu
A History of Linux
A History of Linux
Damian T. Gordon
selinuxbasicusage.pptx
selinuxbasicusage.pptx
Pandiya Rajan
SELinux Basic Usage
SELinux Basic Usage
Dmytro Minochkin
Mais conteúdo relacionado
Mais procurados
Unix Introduction
Unix Introduction
Ananthi
Linux file system
Linux file system
Md. Tanvir Hossain
The Forefront of the Development for NVDIMM on Linux Kernel (Linux Plumbers c...
The Forefront of the Development for NVDIMM on Linux Kernel (Linux Plumbers c...
Yasunori Goto
Linux Kernel Tour
Linux Kernel Tour
samrat das
100+ run commands for windows
100+ run commands for windows
Anand Garg
linux kernel overview 2013
linux kernel overview 2013
Rohit Pratap Singh
Device tree support on arm linux
Device tree support on arm linux
Chih-Min Chao
File System Modules
File System Modules
Anil Kumar Pugalia
Linus Torvalds
Linus Torvalds
CullenCairns
History of linux
History of linux
Shiwang Kalkhanda
Property-Based TPM Virtualization
Property-Based TPM Virtualization
Marcel Winandy
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
Stefano Stabellini
Cat database
Cat database
tubbeles
Tim berners Lee - Text
Tim berners Lee - Text
SebastianWeidner1
Linux kernel
Linux kernel
Goutam Sahoo
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
Linaro
Introduction to Computer System-ppt.pptx
Introduction to Computer System-ppt.pptx
InfofarazMotivativeA
[CB16] DeathNote of Microsoft Windows Kernel by Peter Hlavaty & Jin Long
[CB16] DeathNote of Microsoft Windows Kernel by Peter Hlavaty & Jin Long
CODE BLUE
Linux file system
Linux file system
Midaga Mengistu
A History of Linux
A History of Linux
Damian T. Gordon
Mais procurados
(20)
Unix Introduction
Unix Introduction
Linux file system
Linux file system
The Forefront of the Development for NVDIMM on Linux Kernel (Linux Plumbers c...
The Forefront of the Development for NVDIMM on Linux Kernel (Linux Plumbers c...
Linux Kernel Tour
Linux Kernel Tour
100+ run commands for windows
100+ run commands for windows
linux kernel overview 2013
linux kernel overview 2013
Device tree support on arm linux
Device tree support on arm linux
File System Modules
File System Modules
Linus Torvalds
Linus Torvalds
History of linux
History of linux
Property-Based TPM Virtualization
Property-Based TPM Virtualization
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
System Device Tree and Lopper: Concrete Examples - ELC NA 2022
Cat database
Cat database
Tim berners Lee - Text
Tim berners Lee - Text
Linux kernel
Linux kernel
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
Introduction to Computer System-ppt.pptx
Introduction to Computer System-ppt.pptx
[CB16] DeathNote of Microsoft Windows Kernel by Peter Hlavaty & Jin Long
[CB16] DeathNote of Microsoft Windows Kernel by Peter Hlavaty & Jin Long
Linux file system
Linux file system
A History of Linux
A History of Linux
Semelhante a SELinux workshop
selinuxbasicusage.pptx
selinuxbasicusage.pptx
Pandiya Rajan
SELinux Basic Usage
SELinux Basic Usage
Dmytro Minochkin
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells
SELinux_@gnu_group_meetup
SELinux_@gnu_group_meetup
Jayant Chutke
Selinux
Selinux
Ankit Raj
Unix Security
Unix Security
replay21
Stop disabling SELinux!
Stop disabling SELinux!
Maciej Lasyk
Security Enhanced Linux Overview
Security Enhanced Linux Overview
Emre Can Kucukoglu
SELinux for Everyday Users
SELinux for Everyday Users
PaulWay
Introduction To SELinux
Introduction To SELinux
Rene Cunningham
Understanding SELinux For the Win
Understanding SELinux For the Win
bmbouter
4 effective methods to disable se linux temporarily or permanently
4 effective methods to disable se linux temporarily or permanently
chinkshady
CloudStack templates with OpenVM
CloudStack templates with OpenVM
ShapeBlue
Hardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/Linux
Martin Holovský
Aquarium introduction-asia-summit-2021
Aquarium introduction-asia-summit-2021
Alex Lau
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
Jérôme Petazzoni
SUSE Expert Days Paris 2018 – SLE 15
SUSE Expert Days Paris 2018 – SLE 15
SUSE
SELinux concept in rhel_Linux_today.pptx
SELinux concept in rhel_Linux_today.pptx
AbhradipChatterjee2
LCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsql
Kohei KaiGai
Process behaviour modelling using lsm
Process behaviour modelling using lsm
iaemedu
Semelhante a SELinux workshop
(20)
selinuxbasicusage.pptx
selinuxbasicusage.pptx
SELinux Basic Usage
SELinux Basic Usage
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
SELinux_@gnu_group_meetup
SELinux_@gnu_group_meetup
Selinux
Selinux
Unix Security
Unix Security
Stop disabling SELinux!
Stop disabling SELinux!
Security Enhanced Linux Overview
Security Enhanced Linux Overview
SELinux for Everyday Users
SELinux for Everyday Users
Introduction To SELinux
Introduction To SELinux
Understanding SELinux For the Win
Understanding SELinux For the Win
4 effective methods to disable se linux temporarily or permanently
4 effective methods to disable se linux temporarily or permanently
CloudStack templates with OpenVM
CloudStack templates with OpenVM
Hardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/Linux
Aquarium introduction-asia-summit-2021
Aquarium introduction-asia-summit-2021
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
SUSE Expert Days Paris 2018 – SLE 15
SUSE Expert Days Paris 2018 – SLE 15
SELinux concept in rhel_Linux_today.pptx
SELinux concept in rhel_Linux_today.pptx
LCJ2010-KaiGai-sepgsql
LCJ2010-KaiGai-sepgsql
Process behaviour modelling using lsm
Process behaviour modelling using lsm
Último
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
The Digital Insurer
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
apidays
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
SynarionITSolutions
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Boston Institute of Analytics
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Último
(20)
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
SELinux workshop
1.
2023-05-27, NUREMBERG SELinux introduction Johannes
Segitz <jsegitz@suse.com>
2.
Whoami Johannes Segitz, security
engineer at SUSE (Nuremberg, Germany) – code review – product pentesting – The SELinux guy (not the policy maintainer) Copyright © SUSE 2023 2
3.
Outline We will cover: –
Basic SELinux introduction – Install it on openSUSE tumbleweed Copyright © SUSE 2023 3
4.
Ressources needed Please have
an openSUSE Tumbleweed VM ready to play along Make sure you have internet connectivity Copyright © SUSE 2023 4
5.
Expectation management As always
it’s not possible to cover everything in one talk, so: – Mix between – higher level concepts (∼15 minutes) – practice (∼45 minutes) – You will not become a SELinux expert in an hour – We will go as far as possible with the examples. I can stick around afterwards, but we’ll stop officially after the slot ends Copyright © SUSE 2023 5
6.
Nomenclature How to read
the slides Shell: $ this is a root shell Default is root. If it’s a different user you’ll see it in the prompt. Listing: I'm the content of a file Copyright © SUSE 2023 6
7.
Mandatory access control Discretionary
access control (DAC) Usual form of access control in Linux – Typical example: root@workstation ~/ $ ls -l /etc/shadow -rw-r-----. 1 root shadow 1421 /etc/shadow – Discretionary: The owner of an object can control the access of the objects he owns Copyright © SUSE 2023 7
8.
Mandatory access control Discretionary
access control (DAC) Drawbacks: – Coarse: Basically 3 x rwx – Prone to (user) error johannes@workstation ~/ $ ls -lah ~/.ssh/id_rsa -rw-rw-rw-. 1 jsegitz users 1.7K ~/.ssh/id_rsa – Hard to analyze – root == God (- capabilities) But it’s familiar, easy to use and to understand Copyright © SUSE 2023 8
9.
Mandatory access control Mandatory
access control (MAC) Mandatory (in this context): – Access control decisions are not made by the owner – Access control rules are managed centrally Advantages: – Access control in the hand of people who know what they’re doing – Centralized control and review is easy – Often very fine grained → compartmentalization Drawbacks: – Harder to understand – Complex to administrate – Missing experience Copyright © SUSE 2023 9
10.
SELinux History Security Enhanced Linux –
Linux security module (LSM), developed by the National Security Agency (NSA) Don’t panic, it’s open source and reviewed thoroughly – First release 2000, since then integrated in the Linux kernel Didn’t play a big role at SUSE up to this point Will be the MAC system for ALP (and already is for SLE Micro) So very likely it’s also the future MAC system for openSUSE Copyright © SUSE 2023 10
11.
SELinux Basic idea – Type
Enforcement (TE). Every object has a – user: unconfined_u – role: unconfined_r – type: unconfined_t – sensitivity: s0-s0 – category: c0.c1023 – These form the Security Context (SC) unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 – In practice the type unconfined_t is all you need Copyright © SUSE 2023 11
12.
SELinux SELinux expert with
one character If you remember one thing: let it be this Copyright © SUSE 2023 12
13.
SELinux Basic idea (Almost) everything
has a SC. Sockets, packets, ... 134 security classes – Files root@workstation ~/ $ ls -lZ /etc/shadow ----------. root root system_u:object_r:shadow_t:s0 /etc/shadow – Processes root@workstation ~/ $ ps axZ | grep 'postfix/master' system_u:system_r:postfix_master_t:s0 1250 ? Ss 0:00 /usr/lib/ Copyright © SUSE 2023 13
14.
SELinux Basic idea – DAC
comes first – Then SELinux. Deny by default – Firewall for system calls Copyright © SUSE 2023 14
15.
SELinux SELinux log messages Found
in the audit.log type=AVC msg=audit(1416499522.810:77): avc: denied { transition } for pid=1282 comm="sshd" path="/usr/bin/zsh" dev="vda2" ino=40462 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process Copyright © SUSE 2023 15
16.
Practice You’ll now change
an openSUSE installation to use SELinux. Please boot the machine Copyright © SUSE 2023 16
17.
Practice Initial setup Install packages: $
zypper in selinux-policy-targeted restorecond selinux-policy-devel policycoreutils setools-console policycoreutils-devel selinux-autorelabel podman Set SELinux to enforcing: $ sed -i -e 's/SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config Main config file: /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. # minimum - Modification of targeted policy. Only selected processes are protected. SELINUXTYPE=targeted Copyright © SUSE 2023 17
18.
Practice Initial setup Set the
necessary boot parameter: $ if ! egrep 'GRUB_CMDLINE_LINUX_DEFAULT.*security=selinux selinux=1' /etc/default/grub >/dev/null; then sed -i -E 's/(GRUB_CMDLINE_LINUX_DEFAULT=.*)"/1 security=selinux selinux=1"/' /etc/default/grub fi $ update-bootloader --refresh Remove audit log, reboot: $ rm /var/log/audit/audit.log $ reboot Copyright © SUSE 2023 18
19.
Practice Look around Current SELinux
status $ sestatus Have a look at the processes $ ps auxZ Check out the filesystem labels $ ls -laZ / $ ls -laZ /var Check for mislabeled files $ restorecon -Rvn /var $ restorecon -Rv /var Copyright © SUSE 2023 19
20.
Practice Look around Check your
identity $ id -Z Check denials: $ grep -i avc /var/log/audit/audit.log $ tail -f /var/log/audit/audit.log | grep -i avc Proper way to do this: $ ausearch -m avc,user_avc,selinux_err -ts boot -i Copyright © SUSE 2023 20
21.
Practice Linux users to
SELinux users: $ semanage login -l Port mappings: $ semanage port -l File label rules: $ semanage fcontext -l Copyright © SUSE 2023 21
22.
Practice Booleans: $ semanage boolean
-l Enable a boolean: $ semanage boolean -m --on httpd_enable_homedirs Copyright © SUSE 2023 22
23.
Practice audit2allow audit2allow: – Analyzes SELinux
denial messages – Generates rules to allow necessary access – Is aware of interfaces – Suggests booleans that would allow the access But don’t use it with every denial! Copyright © SUSE 2023 23
24.
Practice audit2allow Either pipe AVCs
into audit2allow or feed into STDIN and close it: $ audit2allow -R Build SELinux module you can load: $ audit2allow -R -M $NAMEMODULE Copyright © SUSE 2023 24
25.
Practice avcs.rb Small wrapper around
auserch. Makes reading AVCs easier $ podman run --privileged -v /var/log/audit:/var/log/audit registry.opensuse.org/home/jsegitz/containers/containers/avcs:latest Copyright © SUSE 2023 25
26.
Practice Lets cause problems Mislabel
some files: $ ls -laZ /usr/sbin/postfix $ chcon -t postfix_map_exec_t /usr/sbin/postfix Check it: $ restorecon -Rvn /usr/sbin/ Restart postfix: $ systemctl restart postfix Copyright © SUSE 2023 26
27.
Practice Lets cause problems Check
the status: $ systemctl status postfix Why does it fail? You’ll see something like postfix[3427]: fatal: chdir(/var/spool/postfix): Permission denied but no AVCs. How do we approach this? Copyright © SUSE 2023 27
28.
Practice How to debug
SELinux problems Does it happen in permissive mode? $ setenforce 0 Check for denials. If you don’t see any disable dontaudit rules with $ semodule -DB Enable dontaudit again with $ semodule -B Now give audit2allow a try with this ... Check for mislabled files – either because of unaware scripts/programs – policy paths don’t match Copyright © SUSE 2023 28
29.
Practice How to debug
SELinux problems Search engines/bugtrackers are your friends Howto report a bug: https://en.opensuse.org/openSUSE:Bugreport_SELinux Copyright © SUSE 2023 29
30.
Practice How to rescue
a system In grub change boot parameters: – Disable SELinux: selinux=0 – Make SELinux permissive: enforcing=0 Copyright © SUSE 2023 30
31.
Questions? Thank you for
your attention! Copyright © SUSE 2023 31
Baixar agora