Selinux: Difference between revisions
Jump to navigation
Jump to search
Line 28: | Line 28: | ||
=Troubleshooting= | =Troubleshooting= | ||
==Get the SELinux Security Context== | |||
<pre> | |||
ls -lZ <dir> | |||
</pre> | |||
==Diagnosing and Fixing SELinux Problems== | ==Diagnosing and Fixing SELinux Problems== |
Revision as of 22:30, 8 January 2016
Internal
Overview
How to Find Out Whether SELinux is Enabled
getenforce
If SELinux is enabled, the command will return "Enforcing".
Configuration
Install Management and Troubleshooting Tools
yum provides /usr/sbin/semanage yum provides sealert
yum -y install policycoreutils-python yum -y install setroubleshoot-server
Troubleshooting
Get the SELinux Security Context
ls -lZ <dir>
Diagnosing and Fixing SELinux Problems
If you have a suspicion that SELinux may be at the root of your problems, run:
sealert -a /var/log/audit/audit.log
You may get an output similar to the following one, which helps diagnose the problem:
[...] SELinux is preventing /usr/sbin/httpd from write access on the file manager.node.nodes.lock. [...]
Then use audit2allow to parse the audit logs and generate the SELinux policy to allow a denied operation.
grep httpd /var/log/audit/audit.log | audit2allow
The result is similar to:
#============= httpd_t ============== allow httpd_t httpd_log_t:file write;
Then change the directory SELinux security context:
chcon -t httpd_sys_script_rw_t /var/log/httpd
Permission Denied when Trying to Write in a Directory
TODO, rationalize the following content: Media_Wiki_Installation#Fails_to_upload_images_with_.27Fatal_exception_of_type_.22MWException.22.27.