SELinux Debugging

I was looking to debug SELINUX on a new server and kept finding complex specialty commands, like here but all of those utilities are huge or not existent in default repos of Centos7, so I found more native ways to troubleshoot.

cat /var/log/audit/audit.log | grep type=AVC
getsebool -a
setsebool <bool> <on/off>

Through the logs I found that I was having issues with httpd write to a directory, cache was also in that error so I applied

semanage fcontext -a -t httpd_cache_t "/webapps/cache(/.*)?"
restorecon -Rv /webapps

This set and then applied the new policy to the offending directory.

This helped


Revision #4
Created Tue, Oct 16, 2018 1:36 PM by piper
Updated Sat, Feb 23, 2019 4:06 AM by piper