From 0e4d52bcd058f7c911945637c06a70f8ad203b66 Mon Sep 17 00:00:00 2001 From: ivuorinen Date: Sun, 26 May 2024 00:15:36 +0000 Subject: [PATCH] Update cheatsheets --- tldr/kubectl-label | 6 +++--- tldr/linux/dconf-reset | 4 ++-- tldr/linux/semanage | 26 +++++++++++++++----------- 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/tldr/kubectl-label b/tldr/kubectl-label index d7525c3a..fbd5dd35 100644 --- a/tldr/kubectl-label +++ b/tldr/kubectl-label @@ -14,15 +14,15 @@ source: https://github.com/tldr-pages/tldr.git - Update a pod label by overwriting the existing value: -`kubectl label --overwrite {{pod_name}} {{key}}={{value}}` +`kubectl label --overwrite pod {{pod_name}} {{key}}={{value}}` - Label all pods in the namespace: `kubectl label pods --all {{key}}={{value}}` -- Label pod identified by pod definition file: +- Label a pod identified by the pod definition file: -`kubectl label -f {{pod_defination_file}} {{key}}={{value}}` +`kubectl label -f {{pod_definition_file}} {{key}}={{value}}` - Remove the label from a pod: diff --git a/tldr/linux/dconf-reset b/tldr/linux/dconf-reset index d01b1a68..acc69e9a 100644 --- a/tldr/linux/dconf-reset +++ b/tldr/linux/dconf-reset @@ -11,8 +11,8 @@ source: https://github.com/tldr-pages/tldr.git - Reset a specific key value: -`dconf read {{/path/to/key}}` +`dconf reset {{/path/to/key}}` - Reset a specific directory: -`dconf read -d {{/path/to/directory/}}` +`dconf reset -f {{/path/to/directory/}}` diff --git a/tldr/linux/semanage b/tldr/linux/semanage index 4df572de..92748132 100644 --- a/tldr/linux/semanage +++ b/tldr/linux/semanage @@ -5,25 +5,29 @@ source: https://github.com/tldr-pages/tldr.git --- # semanage -> SELinux Policy Management tool. +> SELinux persistent policy management tool. > More information: . -- Output local customizations: +- Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains): -`semanage -S {{store}} -o {{path/to/output_file}}` +`sudo semanage boolean {{-m|--modify}} {{-1|--on|-0|--off}} {{haproxy_connect_any}}` -- Take a set of commands from a specified file and load them in a single transaction: +- Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access: -`semanage -S {{store}} -i {{path/to/input_file}}` +`sudo semanage fcontext {{-a|--add}} {{-t|--type}} {{samba_share_t}} '/mnt/share(/.*)?'` -- Manage booleans. Booleans allow the administrator to modify the confinement of processes based on the current configuration: +- Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on: -`semanage boolean -S {{store}} {{--delete|--modify|--list|--noheading|--deleteall}} {{-on|-off}} -F {{boolean|boolean_file}}` +`sudo semanage port {{-a|--add}} {{-t|--type}} {{ssh_port_t}} {{-p|--proto}} {{tcp}} {{22000}}` -- Manage policy modules: +- Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to `setenforce`: -`semanage module -S {{store}} {{--add|--delete|--list|--modify}} {{--enable|--disable}} {{module_name}}` +`sudo semenage permissive {{-a|--add|-d|--delete}} {{httpd_t}}` -- Disable/Enable dontaudit rules in policy: +- Output local customizations in the default store: -`semanage dontaudit -S {{store}} {{on|off}}` +`sudo semanage export {{-f|--output_file}} {{path/to/file}}` + +- Import a file generated by `semanage export` into local customizations (CAREFUL: may remove current customizations!): + +`sudo semanage import {{-f|--input_file}} {{path/to/file}}`