Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
4 votes, 2 answers

SELinux blocking Samba directory listing

I am running Samba on a CentOS server, and I am experiencing a problem where it allows me to connect to the server and see a share, but shows the share as an empty directory. I find this behavior strange. Here is the stanza in my smb.conf for the…
Brighid McDonnell
4 votes, 5 answers

Selinux - centos - missing /etc/selinux/config

I am trying to check if my SELinux is disabled/enabled and can't find its config file. Why is it like that, and what should I do to disable it?
Marcin
4 votes, 3 answers

How can I tell SELinux to give vsftpd write access in a specific directory?

I've set up vsftpd on my Fedora 12 server, and I'd like to have the following configuration. Each user should have access to: his home directory (/home/USER); the web directory I created for him (/web/USER). To achieve this, I first configured…
Alpha Hydrae
4 votes, 1 answer

semodule_package command not found

Hello, I'm trying to install MongoDB on CentOS7. It says there to configure SELinux, which I followed. On the third step, it says to execute the following: checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te semodule_package -o…
lemoncodes
4 votes, 2 answers

Why is SELinux blocking my Zabbix agent's sudo calls?

I have some Zabbix checks that require sudo. These are the contents of /etc/sudoers.d/zabbix zabbix ALL=(ALL) NOPASSWD: /bin/yum history zabbix ALL=(ALL) NOPASSWD: /bin/needs-restarting zabbix ALL=(ALL) NOPASSWD: /sbin/check31 zabbix…
Rens Verhage
3 votes, 3 answers

Selinux 'var_t' base type warning

I am currently 'lost' in the CentOS Selinux forest. My setup involves setting up a WSGI socket in /var/www/demo/out which nginx uses to communicate with the UWSGI process. Whenever I request the page in my browser I get an nginx error. Why is this…
3 votes, 2 answers

Getting compiled Python mod_wsgi module working on Apache server with SElinux enforcing mode

Trying to get my Python/Django app working on a RedHat Server in an ideal setting. Could not use the mod_wsgi from the package as it has some dependency issue when checking for modules in my virtual environment which uses python 3.6 (some dependency…
3 votes, 1 answer

SElinux: allow httpd to connect to redis

I'm running on RedHat7, with apache 2.4 and redis installed. Apache won't connect to redis unless selinux issues are resolved. I know that one option to fix that is to allow all connections with: setsebool -P httpd_can_network_connect=1 but I'd…
user515971
3 votes, 1 answer

SELinux relabeling on boot is stuck

I have a problem restoring SELinux on a server and would like some insight. Context: On our server, I recently changed SELinux from enforcing to permissive, and because it did not solve our problem which was an odd one (unexpected permissions denied),…
Huygens
3 votes, 1 answer

Have SSHD listen to another port on Centos with SELinux running

I have a Centos VM running with SELinux enabled. I wish to have sshd listen to another port, say, 993. I've modified the sshd_config file to listen to another port, but SELinux is getting in the way. I don't want to disable SELinux. How do I…
vy32
3 votes, 2 answers

How to Disable Selinux Only for Apache on Centos 7.4

I don't want to disable Selinux but I am having problems with it. I am using FFMPEG (located in /var/www/tester/ffmpeg and owned by apache) [root@betaX tester]# ls -Z /var/www/html/tester/ffmpeg/ -rwxr-xr-x. apache apache…
Lunatic Fnatic
3 votes, 1 answer

SELinux: Getting a custom binary to switch to another context

I am working on a new project that must be secured with SELinux. We have a custom binary written in C (for the sake of this question it will be called "testprog") that needs to switch to its own context so that we can confine its operations,…
3 votes, 0 answers

SELinux stops pam_oddjob_mkhomedir from re-creating home dirs after deletion

I have a RedHat 7 server which is hooked up to LDAP and is supposed to create home folders automatically. In line with RedHat recommendation I use pam_oddjob_mkhomedir.so. Everything works fine if the user never logged in to the system. The problem…
Bart C
3 votes, 2 answers

selinux http_port_t vs http_cache_port_t

I need Wildfly to listen on another port. I know I need to change selinux in order to allow it. Nevertheless, I've found there exist two possible rules to change: http_port_t, and http_cache_port_t. Questions: What do I need to modify? What does each one…
Jordi
3 votes, 1 answer

Boolean ftp_home_dir is not defined - RHEL7.3

I'm trying to configure vsftpd 3.0.2 on RHEL 7.3. I am trying to set my setsebool -P ftp_home_dir=1 to enable users' access to their home dir. However, I receive: Boolean ftp_home_dir is not defined. This is confirmed when viewing semanage boolean -l…
Mr.J