Le 26/02/2020 à 11:51, Nicolas Kovacs a écrit : > SELinux is preventing /usr/bin/python2.7 from read access on the file disable. > > ***** Plugin catchall (100. confidence) suggests ***** > > If you believe that python2.7 should be allowed read access on the disable file > by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver > # semodule -i my-f2bserver.pp > > Weirdly enough, when I follow this suggestion and then empty audit.log and > restart my server, I still get the exact same error again. I reinstalled this server from scratch and took some notes. This time I was successful, though I don't know exactly what I did differently this time. Usually I work as non-root user and call sudo whenever I need root permissions. But is this OK when enabling SELinux modules? Let's consider the example given above: # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver # semodule -i my-f2bserver.pp Can I also perform it like this? $ sudo ausearch -c 'f2b/server' --raw | sudo audit2allow -M my-f2bserver $ sudo semodule -i my-f2bserver.pp I'm not sure with SELinux. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Mail : info at microlinux.fr Tél. : 04 66 63 10 32 Mob. : 06 51 80 12 12