LFCS · Question #393
LFCS Question #393: Real Exam Question with Answer & Explanation
The correct answer is B: /opt/.* system_u:object_r:usr_t. To configure the default SELinux context for all files under /opt, the configuration entry should specify the regular expression ^/opt(/.)?$ or ^/opt/.$ followed by the desired context system_u:object_r:usr_t.
Question
An SELinux security context is required to ensure that all files in /opt have the default context of system_u:object_r:usr_t. How should the corresponding configuration entry be formatted?
Options
- Asystem_u:object_r:usr_t /opt/*
- B/opt/.* system_u:object_r:usr_t
- C/opt/* system_u:object_r:usr_t
- Dsystem_u:object_r:usr_t: /opt/.*
- Esystem_u:object_r:usr_t /opt/.*
Explanation
To configure the default SELinux context for all files under /opt, the configuration entry should specify the regular expression ^/opt(/.*)?$ or ^/opt/.*$ followed by the desired context system_u:object_r:usr_t.
Common mistakes.
- A. This format places the context before the path and uses a shell glob
*instead of a regular expression, which is incorrect for SELinux file context configuration. - C. This option uses a shell glob
*instead of a regular expression, which is not how SELinux file contexts are defined in configuration files. - D. This format places the context before the path, includes an extra colon after the context, and uses a regular expression that doesn't fully match the common pattern for
/optand its contents. - E. This format places the context before the path, which is incorrect for common SELinux file context configuration files like
file_contextswhere the path regexp comes first.
Concept tested. SELinux file context configuration
Topics
Community Discussion
No community discussion yet for this question.