Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

Filter by
Sorted by
Tagged with
1
vote
1answer
29 views

Linux “ls -Z” shows question mark for security context

I've got some files that aren't being served on a site, and assuming it was a permissions issue I ran ls -Z but keep seeing ? in place of the security context: -rw-rw-r-- pete pete ? ...
0
votes
1answer
15 views

How do I install `setroubleshoot-server` (sealert)

I am looking to use sealert on my Debian env. I am unable to find the package to install to have it and the source code.
1
vote
1answer
72 views

SELinux setting httpd_can_network_relay to on throws error, “could not convert system_u:object_r:systemd_sleep_exec_t:s0 to sid”. How is this fixed?

Environment: Digital Ocean Droplet, CentOS 8 The State of httpd_can_network_relay is set to on. However the Default is set to off. $ sudo semanage boolean -l | grep httpd_can_network_relay ...
1
vote
0answers
38 views

Correct SELinux labels for a kvm/qemu user session VM shared folder

I am trying to set up a shared folder using the 9p protocol for a kvm/qemu VM that runs on the user session (so the qemu process runs as me, not as root). Mounting the shared folder in guest works ...
2
votes
1answer
392 views

Create selinux context for systemd script?

I'm trying to create a systemd service that executes a custom script I wrote. It is just a backup script that I am using with a systemd timer. When I try to execute something simple in the systemd ...
0
votes
1answer
96 views

SELinux : Where I find selinux policy for google-chrome on Fedora Linux?

How do I find all the SELinux policies used for Google Chrome on Fedora Linux?
0
votes
1answer
23 views

selinux audit rule not logging anything

I am trying to audit a directory tree for read, write, and permissions change. I created the rule using auditctl -w <path> -k media-watch, but ausearch -k media-watch only shows the creation (or ...
2
votes
1answer
65 views

What is Apache trying to do with port 80 that SELinux is blocking?

I have a small web server (CentOS 8) that runs a small php & mysql app. It also runs runs Nagios, BIND, and Postfix running as a secondary MX. Everything seems to "work", and I've never ...
0
votes
0answers
29 views

Why might SELinux issue a Permission Denied error when accessing an upstream Node.js server's default routes, but not static files like image files? [duplicate]

Environment: Nginx reverse proxy serving static resources and using proxy_pass to serve resources from 2 separate Node.js upstream server instances. Simplified example nginx.conf: server { ...
-1
votes
1answer
24 views

Resetting lost root-pwd on CentOS 8 just don't work

i just don't know. I have reset lost root-pwds on Linux boxes maybe 5 times a year in the 30 years experience as IT-Admin, but this time i#m just confused. I just don't manage to login on my CentOS ...
2
votes
1answer
42 views

svnserve with selinux on nfs mount unable to start (Centos8)

might be a silly question. Struggling with my subversion server on a Centos8 with selinux enforced. We have an NFS mount to store the data (/mnt/data/svn). The problem (when selinux is in enforcement ...
0
votes
1answer
93 views

Centos8: Selinux blocking Samba service from starting

My Samba4 service is being blocked from starting using systemctl. The audit log shows: type=AVC msg=audit(1606428851.446:87): avc: denied { execute } for pid=1748 comm="(samba)" name=&...
0
votes
0answers
23 views

Flask apache logs

I created an app with flask and for the deployment and I used an apache webserver on a CentOS8. When I configure the app.conf file in my /etc/httpd/conf.d/ to work on port 80, the prints of my app are ...
1
vote
1answer
140 views

Ansible module for adding an SELinux context equivalence

Is there an Ansible module that allows an SELinux context equivalence to be added? The command is: semanage fcontext -a -e /home/xxx /srv/xxx This makes SELinux treat /srv/xxx as equivalent to /home/...
0
votes
1answer
272 views

selinux what are the differences between setenforce 0 to permanent selinux

regarding to selinux and according to some Hadoop recommendation selinux must be disabled about selinux - more info in https://www.ibm.com/support/knowledgecenter/STXKQY_BDA_SHR/bl1bda_selinux.htm we ...

15 30 50 per page
1
2 3 4 5
42