linux:selinux
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
linux:selinux [2021/01/01 21:25] 127.0.0.1 external edit |
linux:selinux [2021/11/08 14:12] (current) manu [Debug / Troubleshoot SElinux] |
||
|---|---|---|---|
| Line 61: | Line 61: | ||
| The same using getsebool command: | The same using getsebool command: | ||
| <cli prompt='#'> | <cli prompt='#'> | ||
| - | [root@localhost ~]# admin@forge:~$/usr/sbin/getsebool -a | grep httpd | + | [root@localhost ~]# /usr/sbin/getsebool -a | grep httpd |
| allow_httpd_anon_write --> off | allow_httpd_anon_write --> off | ||
| allow_httpd_bugzilla_script_anon_write --> off | allow_httpd_bugzilla_script_anon_write --> off | ||
| Line 98: | Line 98: | ||
| First install the **setroubleshoot** package | First install the **setroubleshoot** package | ||
| - | <cli prompt='>'> | + | <cli prompt='#'> |
| [root@centos7 ~]# yum install setroubleshoot-server -y | [root@centos7 ~]# yum install setroubleshoot-server -y | ||
| </cli> | </cli> | ||
| Now check what happening with SElinux | Now check what happening with SElinux | ||
| - | <cli prompt='>'> | + | <cli prompt='#'> |
| [root@centos7 ~]# sealert -a /var/log/audit/audit.log | [root@centos7 ~]# sealert -a /var/log/audit/audit.log | ||
| -------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | ||
| Line 116: | Line 116: | ||
| This is essentially saying that Apache is not able to access the index.html file as it has the incorrect SELinux context. The SELinux context of the file is shown below with the -Z option from ‘ls’. | This is essentially saying that Apache is not able to access the index.html file as it has the incorrect SELinux context. The SELinux context of the file is shown below with the -Z option from ‘ls’. | ||
| - | <cli prompt='>'> | + | <cli prompt='#'> |
| [root@centos7 ~]# ls -laZ /var/www/html/ | [root@centos7 ~]# ls -laZ /var/www/html/ | ||
| drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 . | drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 . | ||
| Line 124: | Line 124: | ||
| Then you can run restorecon. | Then you can run restorecon. | ||
| - | <cli prompt='>'> | + | <cli prompt='#'> |
| # /sbin/restorecon -v /var/www/html/index.html | # /sbin/restorecon -v /var/www/html/index.html | ||
| </cli> | </cli> | ||
linux/selinux.1609532703.txt.gz · Last modified: 2021/01/01 21:25 by 127.0.0.1
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
