Troubleshooting SELinux
Troubleshooting SELinux is not as straightforward as it may seem as at the time of writing this book, there is no integration with SELinux to return SELinux-related events back to the applications. Usually, you will find that access is denied with no further description of it in log files.
Getting ready
Make sure that setroubleshoot-server
and setools-console
are installed by executing the following command:
~# yum install -y setroubleshoot-server setools-console
If you have X server installed on your system, you can also install the GUI, as follows:
~# yum install -y setroubleshoot
Make sure that auditd
, rsyslog
, and setroubleshootd
are installed and running before reproducing the issue.
How to do it…
There are several ways to detect SELinux issues.
This is a classic issue where the SELinux context of a file is incorrect, causing the application trying to access the file to fail.
In this case, the context of /var/www/html/index.html
is set to system_u:object_r:user_home_t...