Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions

Unable to start auditd

I am on CentOS 5.8 final. I recently installed auditd via yum install audit; however, I am unable to start it. I edited the configuration file to give a verbose output of the error it is receiving in starting up and this is the output: # service auditd…
George Reith

SELinux prevents Nagios plugins from running on RHEL6

After installing Nagios NRPE & Nagios Plugins, I'm getting the following entry in my rsyslog: May 13 14:01:30 wcmisdlin02 kernel: type=1400 audit(1305309690.482:2334): avc: denied { getattr } for pid=3835 comm="sh" path="/usr/bin/sudo" dev=dm-0…
alexus

How to handle large number of users in SELinux?

A while back we started authenticating users on our Linux servers against Active Directory. As far as the actual authentication part goes, things are working great. However, one of the side effects is that Linux thinks (sort of correctly) that it…
Cooper

Are custom SELinux policy modules portable?

If I take a policy created, say, using audit2allow -M and install it on multiple servers, will it work as expected or is there something special happening when the policies are created? Ideally I'd like to deploy using Ansible.
Mark C

Where can I find details on selinux Booleans

I'm running an openvpn server and I want to use SELinux. When it's activated I see a few "denied" events in the logs. I've used audit2allow to create a '.te' file. My question is about these lines in the file. #============= openvpn_t…
D.Fitz

semanage not changing file context

On my CentOS 7 machine, I have the following information: [wmsodbc]> pwd /WMSData1/tomcat/latest [wmsodbc]> ls -lrt /WMSData1/tomcat/latest lrwxrwxrwx. 1 tomcat tomcat 37 May 2 19:26 /WMSData1/tomcat/latest ->…
Tony B

CentOS7 SELinux doesn't seem to adhere to MCS categories

Problem A file that is assigned to a certain SELinux MCS (Multi Category Security) category can be read by a user who is not assigned to that category, indicating that MCS somehow does not work on my system (running CentOS7, with a minimal…
lumip

SELinux corrupted? Now unable to boot CentOS 7 with SELinux enabled

We recently experienced a power failure and simultaneous backup generator failure, severe enough to require safely shutting down all servers as their UPSs were draining. Upon bringing one CentOS 7.4.1708 server back up (its first "reboot" in months,…

SELinux/PostgresQL "denied { open } for [..] comm="pg_ctl" path="$PGDATA/postgresql.conf"

I've installed PostgresQL on a SELinux-enabled CentOS 7 box and changed its default data directory to /srv/postgres, a separate LUKS-encrypted LVM volume group/logical volume, for reasons of mobility, in case I have to move the server, and…
LANerd

selinux multiple types for directory

For a new department I created a new mount point /dept/dev and in here are currently 2 dirs: samba and svn, so we have: unconfined_u:object_r:samba_share_t:s0 /dept/dev/samba/* unconfined_u:object_r:svnserve_content_t:s0 /dept/dev/svn/* (/dept…
Moose

SELinux file path context not working with regex

I've reformatted for readability based on suggestions in the comments. I have a RADIUS server that uses google authenticator, and SELinux is blocking RADIUS from accessing the .google_authenticator files in the user home directories (these are also…
Taywee

SELinux on CentOS7-based LXC?

Is there any way to enable SELinux on LXC-based container using proxmox 4.2?
MyFault

Why won't apache allow symbolic links, with SELinux?

I have a simple scenario: I want to symlink /home/leonard/apache/sandbox/markdown to /home/leonard/github/markdown-editor, so that the markdown-editor can be viewed from my browser. I set up the link with ln -s /home/leonard/github/markdown-editor…
Leonard Challis

How do I go about creating a systemd selinux policy domain?

How can I create an selinux policy to govern my systemd unit? I am creating a daemon that will be managed by systemd and I'd like to create an appropriate selinux policy to go with it. I've tried creating my own policy either by hand or via a tool…
Danny

SELinux context for apache ldap ssl

Question What SELinux context do I need, for what file to get apache ldap (over ssl) auth to work? Or is it a network protocol or system call or something else entirely? Environment Apache 2.4 on Centos 7 using basic ldap authentication over…
bgStack15