Selinux: Difference between revisions

From NovaOrdis Knowledge Base


=Troubleshooting=
==Get the SELinux Security Context==
<pre>
ls -lZ <dir>
</pre>
==Diagnosing and Fixing SELinux Problems==
If you have a suspicion that SELinux may be at the root of your problems, run:
<pre>
sealert -a /var/log/audit/audit.log
</pre>
The output will be similar to the following, which helps diagnose the problem:
<pre>
[...]
SELinux is preventing /usr/sbin/httpd from write access on the file manager.node.nodes.lock.
[...]
</pre>
Then use <tt>audit2allow</tt> to parse the audit log and generate an SELinux policy rule that allows the denied operation.
<pre>
grep httpd /var/log/audit/audit.log | audit2allow
</pre>
<pre>
#============= httpd_t ==============
allow httpd_t httpd_log_t:file write;
</pre>
After you have seen the generated rule, you can write the policy to a file:
<pre>
grep httpd /var/log/audit/audit.log | audit2allow -M mysepolicy
</pre>
This will generate two files: a binary .pp file and a text .te file.
Apply the policy with:
<pre>
semodule -i mysepolicy.pp
</pre>
A policy applied this way survives a reboot.
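Because <tt>grep httpd ... | audit2allow -M</tt> turns every matching denial into an allow rule, it helps to see which source type, target type, class and permission combinations are in the log before installing the module. The script below is an added example, not part of the original page and not audit2allow itself: a simplified summary of AVC records, run here over constructed sample log lines.

```shell
#!/bin/sh
# Added example: summarise AVC denials as candidate allow rules with hit counts.
# Simplified stand-in for reviewing audit2allow output; not audit2allow itself.

avc_summary() {
    awk '
    /avc: +denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # Permissions are listed between the braces: { write }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
        }
        for (i = 1; i <= NF; i++) {
            # Type is the third field of user:role:type:level
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next   # malformed record
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) count[src " " tgt ":" cls " " p[j]]++
    }
    END { for (k in count) printf "%d allow %s;\n", count[k], k }
    ' | sort -k2
}

# Constructed sample records (not taken from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1452294420.123:456): avc:  denied  { write } for  pid=1234 comm="httpd" name="manager.node.nodes.lock" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1452294420.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1452294481.007:470): avc:  denied  { write } for  pid=1240 comm="httpd" name="manager.node.nodes.lock" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
type=AVC msg=audit(1452294502.310:481): avc:  denied  { write add_name } for  pid=1240 comm="httpd" name="images" dev="dm-0" ino=9012 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
EOF
}

# On a real host: grep httpd /var/log/audit/audit.log | avc_summary
sample_audit_log | avc_summary
```

A rule with a low count against an unexpected target type is worth checking in the generated .te file before running <tt>semodule -i</tt>.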
==Permission Denied when Trying to Write in a Directory==


<font color=red>TODO, rationalize the following content: [[Media_Wiki_Installation#Fails_to_upload_images_with_.27Fatal_exception_of_type_.22MWException.22.27]].</font>

Revision as of 23:07, 8 January 2016

Internal

Overview

Subjects

How to Find Out Whether SELinux is Enabled

getenforce

If SELinux is enabled and in enforcing mode, the command returns "Enforcing". The other possible values are "Permissive" and "Disabled".

Configuration

Install Management and Troubleshooting Tools

yum provides /usr/sbin/semanage
yum provides sealert
yum -y install policycoreutils-python
yum -y install setroubleshoot-server

Troubleshooting

Permission Denied when Trying to Write in a Directory

TODO, rationalize the following content: Media_Wiki_Installation#Fails_to_upload_images_with_.27Fatal_exception_of_type_.22MWException.22.27.