Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions

8 votes, 1 answer

How do I remove a SELinux module in CentOS?

I tried but it gave an error. # ls -l opendkim.pp -rw-r--r--. 1 root root 1569 Jan 8 01:20 opendkim.pp # ls -l /etc/selinux/targeted/modules/active/modules/opendkim.pp -rw-r--r--. 1 root root 344 Jan 8 01:33…
Chloe

8 votes, 1 answer

SELinux port "defined in policy, cannot be deleted"

I am not satisfied with the answer to this question: $> sudo semanage port -d -p tcp -t foo... ValueError: Port foo is defined in policy, cannot be deleted The accepted answer is The SELinux policy includes definitions for ports ... There is no…
spraff

8 votes, 2 answers

View custom selinux policies

Is there a way to view all custom policies applied to SELinux, preferably rolling them all up into one policy "package"? I've just spent the last week or so working through a series of SELinux errors when a certain process (awstats update from…
ibrewster

8 votes, 1 answer

CentOS - semanage - Delete range of ports

Surprisingly, could not find any clear information on how to delete a range of ports by way of semanage port. Here is a list of permutations I tried: semanage port -d -t http_port_t -p tcp 0-60000 semanage port -d -t http_port_t -p tcp…
Mike Purcell

8 votes, 2 answers

Fedora 16: "Permission denied: file permissions deny server access"

I'm working with a fresh Fedora 16 install and I'm trying to get Apache up and running. I'm very familiar with Linux and somewhat with CentOS, but I have very little experience with Fedora and SELinux (whatever that is). At first, after installing…
Daniel Standage

8 votes, 3 answers

SElinux: How to change to permissive mode without a reboot?

I need to change selinux to "permissive mode" on a production server without a reboot, but setenforce won't let me do it (as root); it always prints "setenforce: SELinux is disabled". What am I doing wrong? [root@server3 ~]# setenforce 0 setenforce:…
Crazy_Bash

8 votes, 1 answer

Best way to manage custom ports in SELinux

On RHEL 6.2, we're using httpd on a host as a front-end proxy for Tomcat on another host, and we also have mod_status configured to listen on a non-standard port to provide status info to a monitoring tool. Therefore, we need httpd to 1) establish…
Eric Rath

8 votes, 2 answers

CentOS 6 kickstart ignoring 'selinux --disabled'

I've been fighting with this one for a bit and it seems that there has been a regression in CentOS 6 as far as anaconda ignoring the selinux --disabled directive. This appears to have first appeared in RHEL 4.8, and then re-appeared in RHEL 5.6.…
Zypher

8 votes, 2 answers

SELinux blocking execution in systemd unit

I use Fedora 31 and tried to set up a Teamspeak server. When I look in journalctl -u teamspeak I get the following error: mar 09 22:22:46 melchior systemd[1]: Started Teamspeak server. mar 09 22:22:46 melchior systemd[20187]: teamspeak.service:…
runfalk

7 votes, 1 answer

SELinux: How to undo/revert semanage permissive -a httpd_t?

I temporarily ran this: semanage permissive -a httpd_t To debug a domain process type issue I was having but now I can't seem to undo it. I attempt to swap "permissive" with "enforcing" but the response was: idiot, RTFM No I'm kidding, the actual…
sparecycle

7 votes, 1 answer

SELinux prevents Nginx from reading file

I have nginx running on my CentOS 7 machine. Every day I run a cron job that generates new Diffie-Hellman parameters. They are saved in /etc/ssl/dh/dhparam.pem. But SELinux is preventing nginx from reading this file. This is the line in the nginx…
LuMa

7 votes, 1 answer

SELinux: cannot confine Firefox process to mozilla_t domain

My goal is to execute Firefox in the mozilla_t domain instead of unconfined_t. The machine runs Fedora 20 with SELinux in enforcing mode. Unfortunately, I can't seem to get this right. No matter what I do, the process is always executed in the…
user85561

7 votes, 2 answers

SElinux label for php-fpm sockets

I'm attempting to set up multiple instances of php-fpm to run multiple versions of php through apache 2.2 running on centos 6.5. At some point in the future this will end up in a shared hosting environment, so I need the tightest security…
Mikk3lRo

7 votes, 3 answers

SELinux in the Real World

Through my (short) job experience to date, I have gained quite a bit of knowledge of how SELinux works, from an implementation point of view and how to administer it. I personally have several qualms with SELinux, such as it seems to be overly…
Jeremy Powell

7 votes, 1 answer

Issues with ProxyPass and ProxyPassReverse when proxying to localhost and a different TCP port

I am attempting to use ProxyPass and ProxyPassReverse to proxy requests through Apache to another server instance that is bound to the localhost on a different TCP port that the Vhost exists (VHost is bound to :80, when the target is bound to…
brandeded