Selinux: Difference between revisions
Jump to navigation
Jump to search
| Line 30: | Line 30: | ||
==Diagnose SELinux Problems== | ==Diagnose SELinux Problems== | ||
If you have a suspicion that SELinux may be at the root of your problems, run: | |||
<pre> | |||
sealert -a /var/log/audit/audit.log | |||
</pre> | |||
You may get an output similar to the following one, which helps diagnose the problem: | |||
<pre> | |||
found 1 alerts in /var/log/audit/audit.log | |||
-------------------------------------------------------------------------------- | |||
SELinux is preventing /usr/sbin/httpd from write access on the file manager.node.nodes.lock. | |||
***** Plugin catchall (100. confidence) suggests ************************** | |||
If you believe that httpd should be allowed write access on the manager.node.nodes.lock file by default. | |||
Then you should report this as a bug. | |||
You can generate a local policy module to allow this access. | |||
Do | |||
allow this access for now by executing: | |||
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol | |||
# semodule -i mypol.pp | |||
[...] | |||
</pre> | |||
==Permission Denied when Trying to Write in a Directory== | ==Permission Denied when Trying to Write in a Directory== | ||
<font color=red>TODO, rationalize the following content: [[Media_Wiki_Installation#Fails_to_upload_images_with_.27Fatal_exception_of_type_.22MWException.22.27]].</font> | <font color=red>TODO, rationalize the following content: [[Media_Wiki_Installation#Fails_to_upload_images_with_.27Fatal_exception_of_type_.22MWException.22.27]].</font> | ||
Revision as of 22:13, 8 January 2016
Internal
Overview
How to Find Out Whether SELinux is Enabled
getenforce
If SELinux is enabled, the command will return "Enforcing".
Configuration
Install Management and Troubleshooting Tools
yum provides /usr/sbin/semanage yum provides sealert
yum -y install policycoreutils-python yum -y install setroubleshoot-server
Troubleshooting
Diagnose SELinux Problems
If you have a suspicion that SELinux may be at the root of your problems, run:
sealert -a /var/log/audit/audit.log
You may get an output similar to the following one, which helps diagnose the problem:
found 1 alerts in /var/log/audit/audit.log -------------------------------------------------------------------------------- SELinux is preventing /usr/sbin/httpd from write access on the file manager.node.nodes.lock. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that httpd should be allowed write access on the manager.node.nodes.lock file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp [...]
Permission Denied when Trying to Write in a Directory
TODO, rationalize the following content: Media_Wiki_Installation#Fails_to_upload_images_with_.27Fatal_exception_of_type_.22MWException.22.27.