@adrianhardy
Last active July 8, 2016 21:16
Things I just learned about SELinux

Install SELinux setroubleshootd

Run yum install setroubleshoot-server-3.0.47-11.el6.x86_64, which will bring in a bunch of packages. Running /usr/sbin/setroubleshootd starts a daemon, so when you tail -f /var/log/messages you'll see translated SELinux errors, such as:

Jul  8 21:03:45 localhost setroubleshoot: SELinux is preventing 
/usr/sbin/nginx from getattr access on the file /srv/wordpress/index.php. For 
complete SELinux messages. run sealert -l 1aa6ca64-b20c-4081-bf70-039aedf7cce6

When you run the recommended command, it gives a very thorough breakdown of what went wrong and why, along with recommended fixes.
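
An added example, not part of the original gist: a small shell helper that pulls the setroubleshoot lines out of a syslog stream, groups repeats by alert id, and prints the sealert command for each. The function names and the second alert id are made up for the demo, and the parser assumes the one-line message shape shown above.

```shell
#!/bin/sh
# Added example: summarise setroubleshoot denials from a syslog stream.
# Assumes each message is a single line in the shape shown in this gist;
# lines in any other shape are ignored.

# stdin:  syslog lines
# stdout: "<count> <sealert-id> <process> <access> <class> <target>",
#         most frequent alert first
summarise_denials() {
    sed -n -E 's/^.* setroubleshoot: SELinux is preventing ([^ ]+) from (.+) access on the ([a-z_]+) (.+)\. For complete SELinux messages\. run sealert -l ([0-9a-f-]+)[[:space:]]*$/\5 \1 \2 \3 \4/p' |
        sort | uniq -c | sort -k1,1nr -k2 | awk '{ $1 = $1; print }'
}

# stdin:  syslog lines
# stdout: one "sealert -l <id>" command per unique alert
sealert_commands() {
    summarise_denials | awk '{ print "sealert -l " $2 }'
}

# Constructed sample: the first line is the message from this gist joined onto
# one line; the others are made up for the demo (placeholder alert id).
sample_log() {
    cat <<'EOF'
Jul  8 21:03:45 localhost setroubleshoot: SELinux is preventing /usr/sbin/nginx from getattr access on the file /srv/wordpress/index.php. For complete SELinux messages. run sealert -l 1aa6ca64-b20c-4081-bf70-039aedf7cce6
Jul  8 21:03:46 localhost kernel: unrelated line
Jul  8 21:03:50 localhost setroubleshoot: SELinux is preventing /usr/sbin/nginx from getattr access on the file /srv/wordpress/index.php. For complete SELinux messages. run sealert -l 1aa6ca64-b20c-4081-bf70-039aedf7cce6
Jul  8 21:04:02 localhost setroubleshoot: SELinux is preventing /usr/sbin/nginx from read access on the file /srv/wordpress/wp-config.php. For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000001
EOF
}

sample_log | summarise_denials
```

On a real host, feed it the log instead of the sample, for example `summarise_denials < /var/log/messages`.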

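In this instance, allowing nginx access to that directory involved running semanage fcontext -a -t httpd_sys_content_t "/srv(/.*)?" followed by restorecon -R -v /srv. File-context patterns are matched against the whole path, so the pattern is /srv(/.*)? with no slash before the group; that covers /srv itself and everything beneath it.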

More information here: https://www.nginx.com/blog/nginx-se-linux-changes-upgrading-rhel-6-6/
