SELinux tips

There are SELinux commands that I don't run often enough to remember, but often enough to be worth writing down in one place.
This is that place.

Allow SSH to bind to a different port

semanage port -a -t ssh_port_t -p tcp 2222

Allow SSH to read /root/.ssh/authorized_keys2

chcon system_u:object_r:sshd_exec_t:s0 .ssh/authorized_keys2

Disable/enable dontaudit

Disabling is useful to get everything appearing in audit.log. Can be useful to help track down problems

semodule -DB/semodule -B