Removing run-time disabling for SELinux in Fedora
Removing run-time disabling for SELinux in Fedora
Posted Sep 24, 2020 12:59 UTC (Thu) by rahulsundaram (subscriber, #21946)In reply to: Removing run-time disabling for SELinux in Fedora by rwmj
Parent article: Removing run-time disabling for SELinux in Fedora
Ensure that setroubleshoot-server and policycoreutils-python-utils are installed on your system and take advantage of sealert -l "*"
https://access.redhat.com/documentation/en-us/red_hat_ent...
If you have setroubleshoot-server installed before any denials happen, you will get an easy to understand log in /var/log/messages
https://access.redhat.com/documentation/en-us/red_hat_ent...
example:
setroubleshoot: SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket. For complete SELinux messages. run sealert -l 8c123656-5dda-4e5d-8791-9e3bd03786b7
Running the suggested sealert command will tell you exactly what to do to resolve the problem. In many cases, it is something as simple as toggling a boolean or one liner policy change