WEBVTT 00:01.110 --> 00:05.980 Let's take a minute to talk about permissive domains. 00:06.150 --> 00:16.020 In the past if we wanted to test the impact of FC Linux on a new application a common approach was to 00:16.020 --> 00:26.910 put the entire system into permissive mode run the application for a period and then take a look at 00:26.910 --> 00:37.130 all the ATC deny messages and use them to make the required policy or labeling changes. 00:37.140 --> 00:46.020 This wasn't about approach but place in the entire system into anti permissive mode isn't exactly the 00:46.020 --> 00:47.760 best idea. 00:47.760 --> 00:56.970 This is a permissive domain shine permissive demands allow us to place specific domains into permissive 00:56.970 --> 01:04.280 mode while leaving the rest of the system in unforeseen mode. 01:04.290 --> 01:07.760 Let's take a look at a simple example. 01:07.800 --> 01:16.680 So here in my server if I go through an AC manage permissive shell I can see a list of premiership demands 01:16.710 --> 01:19.260 on my system. 01:19.260 --> 01:21.060 Let's go ahead and create one. 01:21.140 --> 01:31.190 But before we do that I'm going to say change con dash t default on 30 on FA dub dub dub halt team Al 01:32.150 --> 01:32.770 index. 01:32.790 --> 01:34.820 Let's confirm with a list 10 01:38.240 --> 01:39.470 no wi fi. 01:39.500 --> 01:49.770 Go for the one w get height TGP local host indexed ad hoc t demo. 01:51.560 --> 01:55.070 As expected the download fills. 01:55.070 --> 02:05.980 Let's go to make sure of it by height to be daemon is run n so system city l state US height TTP D E 02:05.990 --> 02:17.120 for a following that birth P.S. dash e za and grep for height TBD we can see the application domain 02:18.020 --> 02:27.750 now we can go out and say SC manage permissive dish A4 add height GDP D on the score T. 02:27.950 --> 02:32.810 This is going to place the web server domain into permissive mode. 02:32.810 --> 02:46.560 Let's check again with ESA info and SC man age permissive dish out easy peasy lemons queasy. 02:46.940 --> 02:56.090 We can now test our work with web get again and voila there it is. 02:56.090 --> 03:03.590 So without having to place the entire system into permissive mode we were able to release the single 03:03.590 --> 03:08.060 domain from the shackles of SC Linux. 03:08.070 --> 03:13.360 Let's go back the other way and undo what we just did. 03:13.360 --> 03:18.050 So I'm going to cycle through my human history and when to change a to D 03:21.540 --> 03:27.130 and before for retry w get well it fails. 03:27.660 --> 03:29.220 That's all for now. 03:29.220 --> 03:33.060 Thank you for your time and I hope to see you in the next lesson.