Selinux Administration
Make sure that it is selinux that is causing the problem:
sestatus
checks the current status of selinux
Temporarily disable selinux with sudo setenforce 0
and test to see if the failure persists.
Check audit logs for selinux errors:
sudo ausearch -m avc
Generate policy file that fixes selinux errors:
sudo ausearch -c 'sendmail' --raw | audit2allow -M my-sendmail sudo semodule -X 300 -i my-sendmail.pp
-c 'sendmail'
indicates the comm=
element from the audit log records that identifies the problems to be fixed. Only these records will be selected for the new policy being created.
Use -ts "MM/DD/YYYY" "HH:MM:SS"
in place of the -c
option in order to search for log records that were recorded after a certain time.
Browse the my-sendmail.te
file before running the semodule
command to review the policy changes that will be applied.
Setting security context for files:
ls -lZ
displays current file context
chcon
modifies the security context:
chcon -R -t httpd_sys_content_t /www/sites
Where:
httpd_sys_content_t
- Apache Read-Only access
httpd_sys_rw_content_t
- Apache Read/Write access
httpd_log_t
- Apache log files
httpd_cache_t
- Apache caching
Or, use a reference directory to copy the context it has to another directory tree:
chcon -R --reference=/var/www/html /opt/dashboard