Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
0 votes, 0 answers

selinux file context precedence, logrotate and httpd

UPDATE: figured out the issue, it's with my fcontext path expression. I have to use semanage fcontext -a -t logrotate_tmp_t "/etc/httpd/logs(./*)?" instead of semanage fcontext -a -t logrotate_tmp_t "/etc/httpd/logs/*" and -t httpd_log_t also…
0 votes, 0 answers

Remote side unexpectedly closed network connection RHEL 7.9

I have a situation where a RHEL server becomes inaccessible using AD accounts but lets a local account log in. We are using a PAM tool that serves as our AD broker that enables us to log in with AD credentials and enforces MFA. The issue is…
0 votes, 1 answer

How to set Apache-accessible SELinux policy for EFS mounted user directories?

When I mount my EFS to a user directory, the directory policy becomes system_u:object_r:nfs_t:s0, which is too restrictive - I need it to behave more like a typical user directory, which is unconfined_u:object_r:user_home_dir_t:s0. How do I change…
HWD
0 votes, 0 answers

Jboss as a service failing on OS Reboot RHEL8

I am facing some issues while running Jboss as a service on RHEL8 servers. The setup of service is done in a standard way as per the RHEL…
Amiy
0 votes, 1 answer

DB2 systemd startup

I have a DB2 systemd startup unit that is being denied by SELinux. Here is the unit: [Unit] Description=IBM…
0 votes, 0 answers

SELinux: Allow in a policy for a user

I have a linux user s001 and their applications should be able to bind on port 30001 only. I added a new SELinux user s001_u with and connected it to user s001: semanage user --add s001_u --roles "guest_r" semanage login --add --seuser s001_u…
Michel H.
0 votes, 1 answer

cannot boot unless Selinux is disabled

The system fails to boot due to mount failure. I've traced it back to selinux since I can hold shift and edit the grub cmd to read selinux=0, but interestingly enough if I try permissive mode, enforcing=0 I still get boot failure and the error hints…
0 votes, 1 answer

How to set SELINUX HTTPD User Content RW?

I'm quite new to SELINUX. I have a simple question: I know there are httpd_sys_rw_content_t for /var/www/html, and read only httpd_user_content_t, but if I want to allow some folder to be RW for that user only, is there any httpd_user_rw_content_t? Or…
0 votes, 1 answer

Ubuntu 20.04 doesn't boot after setting SELinux enforcing

I'm trying to set SELinux to enforcing on Ubuntu 20.04, and the steps I did are as follows: Install SELinux = sudo apt-get install policycoreutils selinux-utils selinux-basics -y Activate SELinux = sudo selinux-activate Edit /etc/selinux/config and…
kayanon
0 votes, 1 answer

Centos7 Httpd cannot access mounted cifs directory

In a Centos 7 server I have a directory mounted with autofs in /mnt/cifs-shares/cone_files. I can read those files without issues. The directory /mnt/cifs-shares/cone_files is owned by apache:apache and has drwxr-xr-x. permissions. Now, I created a…
leonardorame
0 votes, 1 answer

How to set SELinux boolean using custom policy?

I know that SElinux booleans can be set via setsebool like this: setsebool -P virt_qemu_ga_read_nonsecurity_files 1 But I want to set this boolean virt_qemu_ga_read_nonsecurity_files using custom SELinux policy. Is it even possible? How can I do…
Oleg Neumyvakin
0 votes, 1 answer

Allow samba share to access mounted remote file store

I have two servers on the same network. One running Windows Server 2016 and another running CentOS 8. The Windows server is my main file store, it's where all my data is. The CentOS server has the Windows share mounted and can access its…
gen_Eric
0 votes, 1 answer

Which protections can I use on the server

I have read about server protection and I know how to work with firewalld protection because it is not demanding. My question is: Which of the following protections is best for the server and which of the offered ones can be used together on the…
Edgar
0 votes, 1 answer

Why there are SELinux errors in permissive mode?

I have set CentOS 8 Stream with SELinux set to permissive but I still have a bunch of red lines in the log e.g.: SELinux is preventing /usr/lib/systemd/systemd from name_connect access on the tcp_socket port 80 Are these real or it's just printing -…
Boppity Bop
0 votes, 1 answer

VNC server won't start on AlmaLinux/CentOS 8

I could not get tigervnc to start on my AlmaLinux 8 machine. We have SELinux enabled and our home directories are automounted NFS shares (configured by IPA). I see errors in my /var/log/audit/audit.log for vncserver accessing our home directories.
rocky