Selinux: Difference between revisions

From NovaOrdis Knowledge Base

Revision as of 22:13, 8 January 2016

Internal

Overview

How to Find Out Whether SELinux is Enabled

getenforce

If SELinux is enabled and enforcing its policy, the command returns "Enforcing".

Configuration

Install Management and Troubleshooting Tools

yum provides /usr/sbin/semanage
yum provides sealert
yum -y install policycoreutils-python
yum -y install setroubleshoot-server

Troubleshooting

Diagnose SELinux Problems

If you suspect that SELinux is at the root of a problem, run:

sealert -a /var/log/audit/audit.log

The output is similar to the following and helps diagnose the problem:

found 1 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------

SELinux is preventing /usr/sbin/httpd from write access on the file manager.node.nodes.lock.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that httpd should be allowed write access on the manager.node.nodes.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

[...]
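The audit2allow command suggested above feeds every httpd record in the log into the generated module, so it is worth listing the distinct denials first. The following is an added example, not part of the original page: a shell function that groups AVC denials by command, source and target type, class and permission. The sample records, their SELinux contexts and the second file name (app.conf) are constructed for illustration.

```shell
# Constructed sample audit records (not from a real system); the SELinux
# contexts, pids, inode numbers and app.conf are assumptions for this example.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1452290000.123:456): avc:  denied  { write } for  pid=1234 comm="httpd" name="manager.node.nodes.lock" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1452290000.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1452290005.456:460): avc:  denied  { write } for  pid=1234 comm="httpd" name="manager.node.nodes.lock" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1452290010.789:470): avc:  denied  { read } for  pid=1234 comm="httpd" name="app.conf" dev="dm-0" ino=12399 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Group AVC denials read from stdin. Output, most frequent first:
#   <count> <comm> <source type> -> <target type>:<class> { <perms> } name=<name>
summarize_avc() {
  awk '
    function ctx_type(c,   p) { split(c, p, ":"); return p[3] }
    $1 == "type=AVC" && /avc: +denied/ {
      perms = $0
      sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
      comm = name = src = tgt = cls = "-"
      for (i = 1; i <= NF; i++) {
        eq = index($i, "="); if (eq == 0) continue
        k = substr($i, 1, eq - 1); v = substr($i, eq + 1); gsub(/"/, "", v)
        if (k == "comm") comm = v
        else if (k == "name") name = v
        else if (k == "scontext") src = ctx_type(v)
        else if (k == "tcontext") tgt = ctx_type(v)
        else if (k == "tclass") cls = v
      }
      seen[comm " " src " -> " tgt ":" cls " { " perms " } name=" name]++
    }
    END { for (k in seen) printf "%d %s\n", seen[k], k }
  ' | sort -k1,1nr -k2
}

# On a real host: summarize_avc < /var/log/audit/audit.log
sample_audit_log | summarize_avc
```

audit2allow -M also writes mypol.te next to mypol.pp; reading that file against this summary before running semodule -i shows what the module will permit.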

Permission Denied when Trying to Write in a Directory

TODO, rationalize the following content: Media_Wiki_Installation#Fails_to_upload_images_with_.27Fatal_exception_of_type_.22MWException.22.27.