|
|
Subscribe / Log in / New account

Removing run-time disabling for SELinux in Fedora

Removing run-time disabling for SELinux in Fedora

Posted Sep 24, 2020 12:59 UTC (Thu) by rahulsundaram (subscriber, #21946)
In reply to: Removing run-time disabling for SELinux in Fedora by rwmj
Parent article: Removing run-time disabling for SELinux in Fedora

A few tips:

Ensure that setroubleshoot-server and policycoreutils-python-utils are installed on your system and take advantage of sealert -l "*"

https://access.redhat.com/documentation/en-us/red_hat_ent...

If you have setroubleshoot-server installed before any denials happen, you will get an easy to understand log in /var/log/messages

https://access.redhat.com/documentation/en-us/red_hat_ent...

example:

setroubleshoot: SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket. For complete SELinux messages. run sealert -l 8c123656-5dda-4e5d-8791-9e3bd03786b7

Running the suggested sealert command will tell you exactly what to do to resolve the problem. In many cases, it is something as simple as toggling a boolean or one liner policy change


to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds