SELinux Question


Hi Guys, My Google-fu is failing me this afternoon. Just configuring a new C6 install. I know there are SELinux alerts happening, e.g. I know I need to enable named to write to the local .jnl file as part of dynamic DNS, but sealert -b is not listing any alerts. I can see raw audit messages. Is there some daemon I have forgotten to start or install?

Thanks

Ken

7 thoughts on - SELinux Question

  • Gordon Messmer wrote:
    For some reason auditd wasn’t running or enabled. I’m now seeing the messages I needed in /var/log/messages. I’m running bind chrooted and various other tweaks mean I need to set SELinux accordingly.

    Thanks

    Ken

  • Bind chroot via the standard chroot package should just work with SELinux…

    Be careful that you don’t just follow the audit.log blindly (e.g. audit2allow -aM) but think through each bit carefully…

    I’d suggest starting for each exception with “is this already covered by a boolean” and then double checking your file contexts before even considering an additional custom module.

  • James Hogarth wrote:
    For some reason SELinux was blocking the updates to the zone files that are the result of DHCP leases being issued. Fixed now. Also I run MailScanner and the SELinux context needed corrected on mqueue.in, in addition to allowing SSH to operate on the non-standard port I’ve set it to.

    Thanks

    Ken
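
The triage order suggested in the thread (boolean first, then labelling, custom module last) can be applied to raw AVC records before anything is fed to audit2allow. The following is an added example, not part of the original posts: the sample records, port 2222 and the function names are constructed for illustration, and the `sesearch` suggestion assumes setools is installed.

```python
import re

# Constructed sample records (not from the thread): pids, inodes, port 2222
# and the SELinux types shown are illustrative values only.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1400000000.101:201): avc:  denied  { write } for  pid=1501 comm="named" name="example.com.jnl" dev=dm-0 ino=1311 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1400000009.107:209): avc:  denied  { write } for  pid=1501 comm="named" name="example.com.jnl" dev=dm-0 ino=1311 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
type=AVC msg=audit(1400000020.202:220): avc:  denied  { name_bind } for  pid=1602 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1400000020.202:220): arch=c000003e syscall=49 success=no exit=-13 comm="sshd"
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for\s+(?P<fields>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    return {
        # A context is user:role:type[:level]; the type is what policy rules match.
        "source": f["scontext"].split(":")[2],
        "target": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
        "perms": frozenset(m.group("perms").split()),
        "object": f.get("name") or f.get("path") or f.get("src") or f.get("dest"),
    }

def checks_for(d):
    """Ordered checks for one denial: boolean, then labelling, module last."""
    steps = ["boolean: sesearch --allow -C -s {source} -t {target} -c {tclass}".format(**d)]
    if d["perms"] & {"name_bind", "name_connect"}:
        steps.append("port label: semanage port -l | grep -w {object}".format(**d))
    else:
        steps.append("file context: restorecon -n -v on the path of {object}".format(**d))
    steps.append("custom module: only if the two checks above find nothing")
    return steps

def triage(log_text):
    """Collapse repeated denials and attach the ordered checks to each."""
    seen, report = set(), []
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d and (key := (d["source"], d["target"], d["tclass"], d["perms"])) not in seen:
            seen.add(key)
            report.append(dict(d, checks=checks_for(d)))
    return report
```

Calling `triage()` on the text of `/var/log/audit/audit.log` returns one entry per distinct denial, each with its checks in the order to work through them.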
