On 1/2/2012 9:41 PM, Ljubomir Ljubojevic wrote:
On 01/03/2012 03:30 AM, Bennett Haselton wrote:
In other words, when SELinux causes a problem, it can take hours or days to find out that SELinux is the cause -- and even then you're not done, because you have to figure out a workaround if you want to fix the problem while keeping SELinux turned on.
You can always set SELinux to permissible mode for testing purposes and it will allow the action, but report that it would have been blocked.
Then, re-boot back into enforcing mode and run "audit2allow" and it will tell you how to set up a module which can be installed so that SELinux will allow the operation.
Here is a little file I keep in my /root directory to remind me some basic SELinux stuff:
--------------------------------------------------------------------------
[root@monstro selinux]# more README
Procedure to make an seliux policy named localtmp...

cd /root
mkdir tmp
cd tmp
chcon -R -t usr_t .
ln -s /usr/share/selinux/devel/Makefile .
audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
make -f /usr/share/selinux/devel/Makefile
mv filename.te filename.pp ../selinux/
cd ../selinux
semodule -i filename.pp

Commands to fix sshd binding to non-standard ports...
semanage port -a -t ssh_port_t -p tcp 2244
semanage port -l | grep 22

Needed by samba
setsebool -P samba_export_all_ro 1
setsebool -P samba_enable_home_dirs 1
setsebool -P samba_export_all_rw 1
[root@monstro selinux]#
--------------------------------------------------------------------------
Harold
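
An added example, not part of the original post: a small Python parser that groups AVC denials from audit.log lines into allow rules in the style of the .te file audit2allow writes, so they can be reviewed before anything is loaded with semodule. It also flags name_bind denials on the generic port_t type, where a port label (the semanage port command in the README) fits better than an allow rule. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1325561234.123:456): avc:  denied  { name_bind } for  pid=1234 comm="sshd" src=2244 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1325561301.456:460): avc:  denied  { read } for  pid=2345 comm="smbd" name="docs" dev=sda1 ino=1234 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1325561302.789:461): avc:  denied  { open } for  pid=2345 comm="smbd" name="docs" dev=sda1 ino=1234 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=SYSCALL msg=audit(1325561302.789:461): arch=c000003e syscall=2 success=no exit=-13 comm="smbd"
type=AVC msg=audit(1325561400.000:470): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+'
    r'tclass=(?P<tclass>\S+)')

def summarize_denials(log_text):
    """Group AVC denials by (source type, target type, class) -> permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # SYSCALL records and "granted" AVCs do not match
            key = (m["stype"], m["ttype"], m["tclass"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def render_rules(rules):
    """Render grouped denials as allow rules in the style of a .te file."""
    out = []
    for (stype, ttype, tclass), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {stype} {ttype}:{tclass} {perm_txt};")
    return out

def port_label_candidates(rules):
    """Source types denied name_bind on generic port_t (label the port instead)."""
    return sorted(s for (s, t, _c), perms in rules.items()
                  if t == "port_t" and "name_bind" in perms)

if __name__ == "__main__":
    rules = summarize_denials(SAMPLE_LOG)
    print("\n".join(render_rules(rules)))
    print("label the port instead for:", port_label_candidates(rules))
```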