SELinux has been an annoyance for me since the early days of Fedora and Red Hat bringing it into the distribution and enabling by default (see this blog post, for example, from 2004 about Fedora 3).
Over the years, I’ve tried to learn it, make it useful, and find benefits in using it, but somehow those were never enough and I keep falling back on the disabling it. But on the other hand, my understanding of how SELinux works slowly is growing. The video in this blog post helped a lot.
And now I’m glad to add another useful resource to the “SELinux for mere mortals” collection. The blog mostly focuses on the terminology in the SELinux domain, and what means what. It’s so simple and straight-forward, that it even uses examples of HTML and CSS – something I’ve never seen before. If you are making your way through the “how the heck do I make sense of SELinux” land, check it out. I’m sure it’ll help.
I just fixed two problems easily after looking into the documentation.
One was with bind, which was complaining with “Permission denied” on any incoming zone transfer (slave zone). named had all the access there is to all folders, but still couldn’t write. This command (mentioned in man 8 named_selinuhelped immediately:
setsebool -P named_write_master_zones 1
Anoner problem was with Apache, which wasn’t showing anything in user’s public_html directory. man 8 httpd_linux suggested the solution that worked:
If you have upgraded to Fedora Linux Core 3 recently (or planning to do so), there are probably a couple of questions you have about SELinux. If you have, then check out SELinux FAQ. Maybe it will help you. Maybe it will not. At least I tried. :)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.