Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
2 votes, 3 answers

SELinux won't let me run sshd under port 443

I'm running Redhat 7.7. I am trying to let the ssh-service accept connections on both Port 22 and Port 443. I have already opened the firewalld with sudo firewall-cmd --add-port=443/tcp --permanent sudo firewall-cmd --reload And set Port 22 Port…
MadMike
2 votes, 2 answers

Does SElinux in enforcing mode cause delays in file access?

I have enabled SElinux in enforcing mode on Amazon Linux and see that the time taken for file access (read/write/update) has increased by an average of 2-4 seconds. The source process is Salt and the file access is related to the file.managed state…
sce
2 votes, 0 answers

ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?

My environment: # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) # uname -a Linux X.Y.Z 3.10.0-957.12.1.el7.x86_64 #1 SMP Wed Mar 20 11:34:37 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux # rpm -qa | grep…
alexus
2 votes, 1 answer

redis fails to write the dump in /var/lib/redis in selinux enforce mode

In my sentinel master-slave mode; redis slave fails to write the dumps in /var/lib/redis/ with error: Failed opening the RDB file dump.rdb (in server root dir /var/lib/redis) for saving: Permission denied while the permissions are indeed correct: #…
h.safe
2 votes, 1 answer

Ansible sefcontext not making fcontext permanent

Trying to use Ansible on a CentOS 7 server to make a directory and sync files into it. That part is working. The problem is I get a 403 Forbidden error when I try to access them from the browser. I understand that this is an fcontext problem with…
devNoise
2 votes, 0 answers

Multiple IP addresses with SELinux using the same port

I have a CentOS 7 box with multiple IP addresses on the same NIC. One IP uses 443 for ssh and I want the other IP to use 443 for the web server. SELinux won't let httpd start up saying: (13)Permission denied: AH00072: make_sock: could not bind to…
John Shum
2 votes, 1 answer

SELinux: pam_systemd(sudo:session): Failed to connect to system bus: Permission denied

On one of CentOS 7 servers I cannot perform sudo from nrpe user (Nagios daemon remote monitoring). Error message: Dec 31 08:28:10 ip-172-31-36-176 sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Dec 31 08:28:10 ip-172-31-36-176…
2 votes, 2 answers

MongoDB won't run if dbPath is symlinked

I have installed MongoDB 4.0.4 from the official repo. I followed these instructions. My OS is CentOS 7 and SELinux is in enforcing mode. If I use a dbPath value which is a symlink to another directory, I get the following error in the…
Steve
2 votes, 2 answers

Using SQLite through PHP without completely disabling SELinux

I'm trying to access an SQLite file on a CentOS7 box using PHP and the PDO library. I was getting read-only errors just like this question - https://stackoverflow.com/questions/3319112/sqlite-read-only-database And per that question, the answer was…
Pipupnipup
2 votes, 1 answer

Selinux Policy for CAP_SYS_PTRACE by invoking process name

I have a system in which we have GDB installed and a target binary which needs to be debugged for errors. We do not want the user to be able to debug any other process apart from the target binary. Is there any way we can use Selinux to create a…
2 votes, 2 answers

SELinux - Zabbix server can't read conf file

I have installed zabbix server on Red Hat 7.4 server with SELinux policy in Enforcing mode. If I launch Zabbix-server (3.4.11), I have these errors : /var/log/zabbix/zabbix_server.log Jul 25 16:51:38 master-01 systemd: zabbix-server.service never…
user5525652
2 votes, 1 answer

SELinux context documentation

I am trying to get my head around SELinux but one question keeps popping-up in my head: CONTEXT. When I'm writing custom rules and modules (on CentOS 7), I end up just taking contexts out of the air - this is my understanding so far: seinfo -t -x…
2 votes, 1 answer

SELinux will not disable on CentOS7

I want to permanently disable right now for the short term but nothing seems to work for me Steps I have tried [root@db1e secure]# setenforce 0 [root@db1e secure]# sestatus SELinux status: enabled SELinuxfs mount: …
2 votes, 1 answer

Executing semanage returns that Python 'Plural forms expression could be dangerous'

Returning to the same issue. I am receiving some error in python when adding semanage rules: # semanage port -a -t http_port_t -p tcp 29200 Traceback (most recent call last): File "/sbin/semanage", line 32, in import seobject File…
BiG_NoBoDy
2 votes, 1 answer

How to restrict root to access a directory used by other user with selinux

I want to restrict the root to access a folder/directory which is created by another user. So that only that user can access that folder not even root. Is there any selinux configuration to do this as I am not so known to selinux.
Ravi