Tuesday, June 28, 2016

Troubleshooting SELinux denials

First find out the denial message:

 sealert -b  
or:
 sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt   
or:
check the audit log file directly: /var/log/audit/audit.log

After the problem is found, depending on the nature of the problem, these solutions are possible:
Access is denied to a file:
 chcon -Rv --type=<context_type> <path>
Access is denied to a port:
 semanage port -a -t <context_type> -p tcp <port>

Where <context_type> is one of the SELinux context types, such as httpd_sys_content_t for a file or http_port_t for a port.
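To decide which of the two fixes applies, look at the tclass field of the denial record. The script below is an added example, not part of the original post: the function names are hypothetical, the two audit records are constructed samples, and it goes slightly beyond the post by also handling udp_socket.

```shell
#!/bin/sh
# Constructed sample AVC records (not taken from a real system).
SAMPLE_PORT_AVC='type=AVC msg=audit(1467100000.123:456): avc:  denied  { name_bind } for  pid=1234 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket'
SAMPLE_FILE_AVC='type=AVC msg=audit(1467100001.456:457): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# avc_field KEY LINE: print the value of KEY=value from one audit record
# (double quotes stripped); prints nothing if the key is absent.
avc_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1 | tr -d '"'
}

# suggest_fix LINE: print the command template that matches the denied
# object class. <context_type> and <path> stay placeholders: choosing the
# type is the administrator's decision, and the AVC record only carries the
# object's base name, not its full path.
suggest_fix() {
    case "$1" in
        *"avc:"*denied*) ;;
        *) echo "not an AVC denial" >&2; return 1 ;;
    esac
    tclass=$(avc_field tclass "$1")
    case "$tclass" in
        tcp_socket|udp_socket)
            port=$(avc_field src "$1")                      # name_bind
            [ -n "$port" ] || port=$(avc_field dest "$1")   # name_connect
            [ -n "$port" ] || { echo "socket denial without a port: inspect manually"; return 0; }
            echo "semanage port -a -t <context_type> -p ${tclass%_socket} $port"
            ;;
        file|dir|lnk_file)
            echo "chcon -Rv --type=<context_type> <path>  # name=$(avc_field name "$1")"
            ;;
        *)
            echo "unhandled tclass=$tclass: read the sealert explanation"
            ;;
    esac
}

# triage: read audit records on stdin, print one suggestion per denial.
triage() {
    while IFS= read -r line; do
        suggest_fix "$line" 2>/dev/null || true
    done
}

# Demo on the constructed samples; on a real host: triage < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_PORT_AVC" "$SAMPLE_FILE_AVC" | triage
```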
