Student question: SELinux in exam

VP:
I have another question regarding the exam environment. Does it matter when you turn off SELinux on the start of the exam (setenforce 0 )? For example not to be bothered with it when configuring httpd with directory other than /var/www or SSH ports etc. Thanks

Aaron Lockhart:
You should not be disabling SELinux. Part of the exam objectives is knowing how to properly handle SELinux in those scenarios.

VP:
Sometimes it can be a real pain to troubleshoot what is wrong. I had problems with it when configuring Apache. Also it takes the precious time. I do not know if it affects the scoring of exam, that is the main point of my concern.

Aaron Lockhart:
It’s better to either memorize the semanage commands you’ll need, or memorize how to quickly get that information from the man page instead of disabling SELinux. You should not disable SELinux.

semanage port -a -t http_port_t -p tcp port_number
semanage port -m -t http_port_t -p tcp port_number

Followed by a restart of the httpd service using systemctl restart http.service.

Aaron Lockhart:
The proper man reference is man semanage-port which gives http_port as the example.