Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
0 votes, 1 answer

selinux and ntp, does selinux have negative impact on ntp

we have redhat linux servers. in spite of chrony.conf being set correctly with the right ntp servers, we see very strange behavior: time is still synced to the ntp server but changes for some reason. we suspect that selinux causes this but we can't be sure (…
shalom
0 votes, 2 answers

Setting SElinux Labels for a magento site on Centos 7

I was hoping someone could kindly help myself. I have a Magento site running on a Centos 7.6 server. Now, the site is not correctly loading and looking in the messages.log I see numerous entries where SElinux is blocking access. I am able to…
0 votes, 2 answers

CSRF warning on centOS where there shouldn't be

I am working on my own ERP in laravel with a separate Vue.js Front. I was for a while working on a windows server with apache and it was working fine. The setup was a bit tricky in the beginning as I was not running vue from apache but using npm run…
The Architect
0 votes, 1 answer

semanage fcontext is not overwriting default policies

I'm trying to make some custom policy on selinux file context, but the default is not changing. Here are my commands: semanage fcontext -a -t httpd_sys_content_t "/home/(.*)?" semanage fcontext -a -t httpd_log_t "/home/.*/logs(/.*)?" semanage…
Tchelo
0 votes, 1 answer

How do I need to configure selinux in order to have 'setenforce 1' and still be able to run my webservices?

my problem is as follows: I installed gitlab on a cloudserver of mine running CentOS7, and I configured it to use apache2/httpd instead of nginx as webserver. For doing so I followed this answer on stackoverflow and it works as a charm, but for it…
Daniel
0 votes, 1 answer

SELinux is set to permissive but it's disabled, how to enable it?

I want to enable SELinux on my VPS but I can't do it. /etc/selinux/config : # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive -…
qux
0 votes, 1 answer

Apache2 cannot open socket as a service

Platform: CentOS Linux release 7.5.1804 I have a freshly installed apache2 and I need to have it listening on a non-default port to fit the host's firewall policy. I change the httpd.conf to have Listen 7800 And when I start the service…
djna
0 votes, 0 answers

Dhcpd won't start due to selinux

have searched tirelessly and can't find an answer to this that's not confusing. I have a clean install of centos 6.2 32bit on a machine I use as a router. with selinux enabled dhcpd refuses to start with the error it can't chown the leases file. I…
0 votes, 0 answers

MariaDB fail to start (NO_NEW_PRIVILEGES)

I have a similar problem that here : Why won't MariaDB start after upgrade (NO_NEW_PRIVILEGES) But I can't upgrade the kernel (this is a vps). Does someone have an idea ?
user2267379
0 votes, 1 answer

errno=13. Unable to start due to shared memory failure

I have integrated httpd with tomcat by help of mod_Jk. In this case, selinux is enforcing condition. Due to enforcing enable in Selinux that's why I am unable to run the httpd in our linux server(centos 7). I am facing given issue " errno=13.…
Birendra Rawat
0 votes, 1 answer

configure selinux to allow sudoers on nfs share

our system is as follows: CentOS7 NIS for auth home folders on nfs share single sudoers file on NFS share for all machines. so far, item one and two work fine. but, when I change my sudo.conf file to point to the global sudo file /fs/global is a…
scphantm
0 votes, 0 answers

SELinux httpd With custom app

I'm enabling SELinux on a server, and the httpd server (nginx and phusion passenger) is unable to read the app's dir (/home/app), with the following message: #============= httpd_t ============== #!!!! WARNING: 'home_root_t' is a base type. #!!!!…
SRobertJames
0 votes, 1 answer

SELinux is preventing /usr/sbin/httpd from getattr access after switching to self signed cert

I recently created my own CA and issued my first root cert, then intermediate, then finally a server cert/key/chain for apache. When i switch from the letsencrypt certs added with certbot to the self generated certs, apache fails to start with:…
David Menache
0 votes, 0 answers

SELinux: How can I use the 8081 port with apache?

I need to use the 8081 port with Apache but Selinux doesn't allow that: semanage port -l | grep http_port_t http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000 semanage port -l | grep 8081 transproxy_port_t …
xRobot
0 votes, 1 answer

selinux context for multiple databases

I have a directory /media/databases under which I want to hold 3 different databases : mariadb, postgresql and neo4j. My issue is that I already have configured postgresql selinux context and the server won't start unless the /media/databases…