SELinux has been an annoyance for me since the early days of Fedora and Red Hat bringing it into the distribution and enabling by default (see this blog post, for example, from 2004 about Fedora 3).
Over the years, I’ve tried to learn it, make it useful, and find benefits in using it, but somehow those were never enough and I keep falling back on the disabling it. But on the other hand, my understanding of how SELinux works slowly is growing. The video in this blog post helped a lot.
And now I’m glad to add another useful resource to the “SELinux for mere mortals” collection. The blog mostly focuses on the terminology in the SELinux domain, and what means what. It’s so simple and straight-forward, that it even uses examples of HTML and CSS – something I’ve never seen before. If you are making your way through the “how the heck do I make sense of SELinux” land, check it out. I’m sure it’ll help.
I just fixed two problems easily after looking into the documentation.
One was with bind, which was complaining with “Permission denied” on any incoming zone transfer (slave zone). named had all the access there is to all folders, but still couldn’t write. This command (mentioned in man 8 named_selinuhelped immediately:
setsebool -P named_write_master_zones 1
Anoner problem was with Apache, which wasn’t showing anything in user’s public_html directory. man 8 httpd_linux suggested the solution that worked:
If you have upgraded to Fedora Linux Core 3 recently (or planning to do so), there are probably a couple of questions you have about SELinux. If you have, then check out SELinux FAQ. Maybe it will help you. Maybe it will not. At least I tried. :)