Selinux: Difference between revisions

From DWIKI
mNo edit summary
 
(6 intermediate revisions by the same user not shown)
Line 4: Line 4:
*http://www.linuxquestions.org/questions/linux-security-4/reuse-selinux-policy-896536/
*http://www.linuxquestions.org/questions/linux-security-4/reuse-selinux-policy-896536/
*https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
*https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
*https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html


=FAQ=
==no audit2allow==
yum install policycoreutils-python


=FAQ=
==allow apache processes to network==
==allow apache processes to network==
  setsebool -P httpd_can_network_connect 1
  setsebool -P httpd_can_network_connect 1
Line 15: Line 19:


==avc: denied { name_connect }==
==avc: denied { name_connect }==
==temporarily disable selinux==
  setenforce 0
==disable selinux==
edit /etc/selinux/config
==Add allow==
(probably not this brutal)
Grep AVC /var/log/audit/audit.log | audit2allow -a -M someservice

Latest revision as of 07:56, 27 May 2019

Links

FAQ

no audit2allow

yum install policycoreutils-python

allow apache processes to network

setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1

avc: denied { getattr }

avc: denied { name_connect }

temporarily disable selinux

 setenforce 0

disable selinux

edit /etc/selinux/config


Add allow

(probably not this brutal) 

Grep AVC /var/log/audit/audit.log | audit2allow -a -M someservice
Retrieved from "https://wiki.dhits.nl/index.php?title=Selinux&oldid=5902"