[CentOS] reinventing the wheel? page checker

Mon Jun 25 11:52:22 UTC 2012
James B. Byrne <byrnejb at harte-lyne.ca>

On Fri, June 22, 2012 16:38, m.roth at 5-cent.us wrote:

>
> Not true. It will issue an AVC every time something tries to happen.
> Big things to know:
>    a) ll -Z shows you the selinux context
>    b) chcon [-R] -[urt] <whatever> <file or directory>
>    c) getsebool and setsebool
>
>      mark

If you are working with SELinux issues then the following are most
helpful to have installed:

setools-libs.x86_64                      3.3.7-4.el6
setools-libs-python.x86_64               3.3.7-4.el6
setroubleshoot-plugins.noarch            3.0.16-1.el6
setroubleshoot-server.x86_64             3.0.38-2.1.el6


The files you need to be aware of are:

/var/log/messages
/var/log/audit/audit.log

There are several utilities to be aware of (and refer to the man pages):

# audit2allow
# audit2why
# ausearch
# chcon
# getenforce
# getsebool
# restorecon
# sealert
# semanage
# semodule
# setenforce
# setsebool
# system-config-securitylevel

You will also find large measures of patience and forbearance to be of
value.

For issues about missing policies and contexts and developing same you
should monitor the SELinux policy mailing list at
refpolicy at oss1.tresys.com.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
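
An added example, not part of the original message: a small parser that groups the AVC denials found in /var/log/audit/audit.log by command, source type, target type, object class and permission, which is the information needed before choosing between a relabel, a boolean or a policy module. The sample records are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample records in audit.log format (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1340380682.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=131099 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1340380682.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1340380690.001:460): avc:  denied  { read open } for  pid=2345 comm="httpd" name="index.html" dev=dm-0 ino=131099 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1340380700.555:471): avc:  denied  { name_connect } for  pid=2350 comm="httpd" dest=5432 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
"""

# One AVC denial: permission set, command name, source/target contexts, class.
AVC_RE = re.compile(
    r'^type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}'
    r'.*?\bcomm="(?P<comm>[^"]*)"'
    r'.*?\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
    r'\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def parse_avc(text):
    """Return one dict per AVC denial; other record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.match(line)
        if m:
            denials.append({
                "comm": m.group("comm"),
                "perms": m.group("perms").split(),
                "source": selinux_type(m.group("scontext")),
                "target": selinux_type(m.group("tcontext")),
                "tclass": m.group("tclass"),
            })
    return denials

def summarize(text):
    """Count denials per (comm, source type, target type, class, permission)."""
    counts = Counter()
    for d in parse_avc(text):
        for perm in d["perms"]:
            counts[(d["comm"], d["source"], d["target"], d["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

To run it against a live system, pass the contents of /var/log/audit/audit.log to `summarize()` instead of `SAMPLE_LOG`; reading that file normally requires root.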