Questions tagged [selinux]
SELinux (Security-Enhanced Linux) is an implementation of a flexible role-based, mandatory access control (MAC) architecture on Linux through kernel modifications and user-tools. It is primarily used to confine system processes and users beyond the basic Discretionary Access Controls (DAC) mechanism or access-control list found on *nix systems.
628 questions
0 votes
1 answer
74 views
Upgrading openSUSE Leap 15.6 to 16: all kinds of D-Bus errors after completion and reboot
To upgrade from openSUSE Leap 15.6 to Leap 16 I installed this tool and then used it: zypper in opensuse-migration-tool But after completion and reboot, I cannot log in. When I enter my password, the ...
1 vote
0 answers
92 views
How to fix selinux error: avc: denied { write } because the source level (s0:c145,c256,c512,c768) and target level (s0) are different
My Android app is trying to write to the /dev/video0 file but is getting the following AVC denial: 10-31 08:31:42.987 4786 4786 W com.my.app: type=1400 audit(0.0:41): avc: denied { write } for name=&...
5 votes
1 answer
296 views
wheel group with selinux
I am trying to elevate the SELinux context when an administrator uses the sudo command in Red Hat 9, but I can't get it to work. According to Red Hat's knowledgebase, I have to change the "default&...
1 vote
1 answer
158 views
SELinux causing issue with syslog-ng
I have a little experience with RHEL 6 from around 2016-2018 timeframe, but not much. When I took a new job in January 2025, I inherited a couple RHEL 8 systems. Those systems are not connected to a ...
1 vote
0 answers
126 views
Convert SELinux policy file to text
I want to "decompile" an SELinux policy module in .pp format to its textual representation in .te format. I can run sedismod to get a listing of various components of the policy module, but ...
1 vote
1 answer
70 views
How to create a custom SELinux file label with write access restricted to specific process types?
I want to restrict write access to certain files so that only specific process types (domains) can modify them. For this, I need to create a custom file label and assign it to those files. Following ...
0 votes
0 answers
73 views
How can I configure SELinux to force application packets through an iptables/nftables chain?
For context, I am using cake-qos-simple on my router which is a QoS script to prioritize certain traffic between my LAN and WAN. On my Windows machine, I can DSCP tag all packets for any particular ...
0 votes
0 answers
34 views
Selinux statement optional does not work on Centos 5.2
My machine: # uname -r 2.6.18-92.el5 # cat /etc/redhat-release CentOS release 5.2 (Final) # yum list | grep selinux libselinux.i386 1.33.4-5.el5 installed ...
0 votes
1 answer
175 views
Effective Tools for Enhancing CentOS Server Security [closed]
I’m seeking practical recommendations and tools to improve the security of my Linux server (CentOS) and minimize unauthorized access. I’m interested in both fundamental and advanced solutions that can ...
0 votes
1 answer
115 views
samba home folder unable to list, create or edit files and folders
I have shared my home folder over samba as follows: When I try to create folders from Windows I get error "cant create" but folder is created. But permissions are all messed up. file is also ...
3 votes
0 answers
134 views
SELINUX_ERR op=security_compute_sid invalid_context while running /etc/init.d script of my app
Doing this on a RHEL8.10 distro. I've created a user with staff_u role: # useradd -Z staff_u testadm And provided this user elevated permissions, for which I did the following steps: created mysudoers file:...
2 votes
1 answer
929 views
Log all journald messages to AWS Cloudwatch
I'm migrating our existing Amazon Linux 2 servers to Amazon Linux 2023. One of the changes is that the AL2023 now uses journald for its logging. I have the requirement to have all logging in AWS ...
2 votes
0 answers
418 views
How to configure smartd, s-nail and selinux to get sending mails to work?
I am trying to configure smartd to send mails via s-nail on Fedora 41. I created a .mailrc file (in which I have set the mta variable to directly send via smtps, there is no sendmail installed) in ...
0 votes
0 answers
108 views
SELinux Blocking Actions in AuditD Plugin – How to Resolve Without Switching to Permissive Mode?
Problem: I'm facing an issue where SELinux is blocking certain actions of my application, which runs as a plugin for auditd. I've been trying to generate the necessary SELinux policy using audit2allow,...
0 votes
1 answer
239 views
SElinux Blocking SSH from SystemD Service
Background I am setting up an rsync backup over SSH service via SystemD. This is ultimately failing to run due to local SElinux; minimum reproducible example: [Unit] Description=Rsync backup service ...