Selinux: Difference between revisions
From DWIKI
m (→FAQ) |
mNo edit summary |
||
(7 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
*http://www.linuxquestions.org/questions/linux-security-4/reuse-selinux-policy-896536/ | *http://www.linuxquestions.org/questions/linux-security-4/reuse-selinux-policy-896536/ | ||
*https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html | *https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html | ||
*https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html | |||
=FAQ= | |||
==no audit2allow== | |||
yum install policycoreutils-python | |||
==allow apache processes to network== | |||
setsebool -P httpd_can_network_connect 1 | |||
setsebool -P httpd_can_network_connect_db 1 | |||
==avc: denied { getattr } == | ==avc: denied { getattr } == | ||
==avc: denied { name_connect }== | ==avc: denied { name_connect }== | ||
==temporarily disable selinux== | |||
setenforce 0 | |||
==disable selinux== | |||
edit /etc/selinux/config | |||
==Add allow== | |||
(probably not this brutal) | |||
Grep AVC /var/log/audit/audit.log | audit2allow -a -M someservice |
Latest revision as of 07:56, 27 May 2019
Links
- https://wiki.centos.org/HowTos/SELinux
- http://www.linuxquestions.org/questions/linux-security-4/reuse-selinux-policy-896536/
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html
FAQ
no audit2allow
yum install policycoreutils-python
allow apache processes to network
setsebool -P httpd_can_network_connect 1 setsebool -P httpd_can_network_connect_db 1
avc: denied { getattr }
avc: denied { name_connect }
temporarily disable selinux
setenforce 0
disable selinux
edit /etc/selinux/config
Add allow
(probably not this brutal)
Grep AVC /var/log/audit/audit.log | audit2allow -a -M someservice