Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
3
votes
1 answer

Postfix won't run while selinux in enforcing mode

I enabled selinux forcing mode on Fedora 15, and I was able to get apache, mysql and memcached to work fine, but I couldn't get postfix to run. I got the following errors: systemd[1]: Unit postfix.service entered failed state. kernel:…
Dina Abu-khader
3
votes
2 answers

How to solve "403 Forbidden" on CentOS6 with SELinux Disabled?

I have a machine on Linode that is driving me crazy. Linode does not have SELinux on CentOS6. I'm trying to configure to put my website in /home/websites/public_html/mysite.com/public. As I don't have SELinux enabled, how can I avoid the "403…
André
3
votes
1 answer

What's the correct SELinux type for a directory?

If I create a new filesystem/directory off of / and I set the Linux permissions to 770 I expect the group to be able to read and write files in that directory. SELinux was preventing me from doing this until I changed the SELinux type on that…
unthar
3
votes
1 answer

The importance of having SELinux enabled on a web server

This question is probably a matter of personal opinion but I wanted to gather your thoughts on how important having SELinux enabled on a web server is. In your opinion, is the added security a must or just nice to have? Is the performance hit worth…
Dan
3
votes
2 answers

mod_unique_id: unable to find IPv4 address of FQDN despite setting etc/hosts and Apache ServerName

I'm trying to get mod_security and hit the very common hostname error of [alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "computername.domain.com" This normally means an entry is required in the hosts file.…
KCD
3
votes
1 answer

Disable SELinux file read protection for httpd

I am using RHEL 6.1 and I would like to configure SELinux to authorize httpd to read all files in some folders (my goal is to make log files available via web access). Is this possible without listing explicitly all files? Is this possible…
Denis R.
3
votes
0 answers

Enabling mod_wsgi with SELinux (Is there a way?)

I recently had a bit of a problem when deploying Django with mod_wsgi due to SELinux. Usually would get a "Permission denied" error (403). This was solved by disabling SELinux. Is there a way to use mod_wsgi while SELinux is enabled? Now…
Shehzad009
3
votes
2 answers

Performance hit having SELinux on high traffic Apache?

I want to start using SELinux, and was wondering what kind of performance hit I should expect to see on a webserver with high Apache traffic? <1%, 5%, 10% ? What range are we talking about?
Sandra
3
votes
2 answers

Can you give one directory two SELinux Policies?

Out of laziness I want to be able to FTP into my WWW directory. However, the SELinux permissions for apache (user_u:object_r:httpd_sys_content_t) to be able to use the WWW directory and for the user (system_u:object_r:user_home_dir_t) to use the WWW…
Mike
3
votes
2 answers

Dedicated user vs selinux

What are the advantages and disadvantages of running a process with a dedicated (non root) user versus with SELinux (where a SE user may be bound to a Linux user)?
Taknok
3
votes
1 answer

SELinux is preventing in:imjournal from unlink accesses on the file imjournal.state

I have a problem on Fedora 36 with rsyslog, selinux and /var/log/messages components. As you can see: AVC avc: denied { unlink } for pid=XXX comm="in:imjournal" name="imjournal.state" dev="XXX" ino=654207 scontext=system_u:system_r:syslogd_t:s0…
bugmeu
3
votes
0 answers

Why are docker permission errors not logged by selinux?

If you try to bind mount a directory into a container under Red Hat you might have problems with selinux. The directory will be unreadable from inside the container. Unless you add a z/Z volume option. But what I don't understand is why I can't see…
x-yuri
3
votes
0 answers

CentOS Linux 8 freezes when changing SELinux Booleans (setsebool)

Problem Various CentOS Linux 8 servers freeze/hang when changing SELinux Booleans. Details and research We manage hundreds of CentOS Linux servers. Lately we see deviant behavior on some (but not all) servers when changing SELinux Booleans. Just…
acropia
3
votes
1 answer

Again enabled SELINUX and now the user logins won't work in enforcing mode

I enabled the SELINUX again on my CentOS 8.2 installation. And now the logins won't work, neither by ssh or direct. To log in I have to make the mode permissive. The secure log shows as below. #login with ssh Sep 14 02:26:57 lcl sshd[4407]:…
Vipin Jain
2
votes
1 answer

Apache vhost privilege separation using SELinux contexts on CentOS8

I've got a server that will have several applications on it, one of which is proprietary code, and another with the ability to examine files on the server due to the nature of our needs. This will not do. I'm trying to achieve per-vhost privilege…
oucil