CentOS 7, SELinux Issue
I’m seeing a lot of noise in the logs, to the effect of:
setroubleshoot: SELinux is preventing /bin/ksh93 from write access on the directory /var/lib/ssh-x509-auth
as well as others related to find, cat, etc on .pem’s in that directory. Is this a policy bug, or just no policy covering this?
mark
CentOS 7 SELinux Issue
Trying to add SELinux support to my bitcoin package.
Keep getting this on install:
SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version.
SELinux: Could not open policy file
4 thoughts on - CentOS 7 SELinux Issue
https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html
QUOTE:
Turns out you get the “Could not downgrade policy file /etc/selinux/targeted/policy/policy.24” error if you’re running with SELinux disabled and something tries to install or reload policy: semodule -vR does it.
END OF QUOTE
Ah thanks.
This is why if anyone is opposed to running SELinux it should be left in permissive mode.
Brandon Vincent
Even in permissive mode you still incur the system overhead cost (7% performance hit, last I read) and the excessive logging.
And don’t even get me started about having /tmp mounted on a tmpfs filesystem! :-)
There are good reasons to prefer disabled over permissive if you're sure you won't need to re-enable SELinux later.
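
A scriptlet guard for the situation in the quoted explanation above, as an added example that is not from the thread or from any package: it checks the runtime SELinux state before calling semodule, so a host running with SELinux disabled skips the policy load. The function names and the SELINUXFS and SEMODULE override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). SELINUXFS and SEMODULE are
# overridable assumptions so the logic can be run against constructed files.

SELINUXFS=${SELINUXFS:-/sys/fs/selinux}   # selinuxfs mount point on CentOS 7
SEMODULE=${SEMODULE:-semodule}            # swap in a stub for dry runs

# Print the runtime SELinux mode: enforcing, permissive or disabled.
# selinuxfs exposes an "enforce" file (1 or 0) only while SELinux is enabled.
selinux_mode() {
    if [ -r "$SELINUXFS/enforce" ]; then
        if [ "$(cat "$SELINUXFS/enforce")" = "1" ]; then
            echo enforcing
        else
            echo permissive
        fi
    else
        echo disabled
    fi
}

# Load a compiled policy module (.pp) only when SELinux is enabled.
# Returns 0 when skipped, so a package scriptlet does not fail on hosts
# where SELinux is disabled; semodule's own exit status is passed through
# otherwise.
install_policy_module() {
    module=$1
    mode=$(selinux_mode)
    if [ "$mode" = "disabled" ]; then
        echo "SELinux disabled; skipping policy load for $module" >&2
        return 0
    fi
    "$SEMODULE" -i "$module"
}
```

Permissive hosts still get the module loaded, so the policy is already in place if the host is later switched to enforcing.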