{"id":9183,"date":"2005-07-02T04:29:36","date_gmt":"2005-07-02T01:29:36","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=9183"},"modified":"2017-03-08T12:09:37","modified_gmt":"2017-03-08T10:09:37","slug":"selinux-fixes","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2005\/07\/02\/selinux-fixes\/","title":{"rendered":"SELinux fixes"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p>If you are anything like me and don&#8217;t want to disable <acronym title=\"Security Enhanced Linux\">SELinux<\/acronym> upon installation of Fedora Linux, then I have a hint for you.<\/p>\n<p>List all files from <code>selinux-policy-targeted<\/code> and look at the output. You will the list of all files in the RPM package. Few of those files are SELinux manuals for better tweaking.<\/p>\n<pre>\/usr\/share\/man\/man8\/ftpd_selinux.8.gz\r\n\/usr\/share\/man\/man8\/httpd_selinux.8.gz\r\n\/usr\/share\/man\/man8\/kerberos_selinux.8.gz\r\n\/usr\/share\/man\/man8\/named_selinux.8.gz\r\n\/usr\/share\/man\/man8\/nfs_selinux.8.gz\r\n\/usr\/share\/man\/man8\/nis_selinux.8.gz\r\n\/usr\/share\/man\/man8\/rsync_selinux.8.gz\r\n\/usr\/share\/man\/man8\/samba_selinux.8.gz\r\n\/usr\/share\/man\/man8\/ypbind_selinux.8.gz\r\n<\/pre>\n<p>I just fixed two problems easily after looking into the documentation.<\/p>\n<p>One was with <code>bind<\/code>, which was complaining with &#8220;Permission denied&#8221; on any incoming zone transfer (slave zone). <code>named<\/code> had all the access there is to all folders, but still couldn&#8217;t write. This command (mentioned in <code>man 8 named_selinu<\/code>helped immediately:<\/p>\n<pre>setsebool -P named_write_master_zones 1<\/pre>\n<p>Anoner problem was with <code>Apache<\/code>, which wasn&#8217;t showing anything in user&#8217;s <code>public_html<\/code> directory. <code>man 8 httpd_linux<\/code> suggested the solution that worked:<\/p>\n<pre>setsebool -P httpd_enable_homedirs 1\r\nchcon -R -t httpd_sys_content_t ~user\/public_html\r\n<\/pre>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>If you are anything like me and don&#8217;t want to disable SELinux upon installation of Fedora Linux, then I have a hint for you. List all files from selinux-policy-targeted and look at the output. You will the list of all files in the RPM package. Few of those files are SELinux manuals for better tweaking. &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2005\/07\/02\/selinux-fixes\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SELinux fixes<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,6,133,62],"tags":[2351,2912,1531,200,3501,39,74],"keyring_services":[],"class_list":["post-9183","post","type-post","status-publish","format-standard","hentry","category-general","category-linux","category-sysadmin","category-technology","tag-fedora-linux","tag-open-source","tag-operating-systems","tag-security","tag-selinux","tag-software","tag-tips"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":8614,"url":"https:\/\/mamchenkov.net\/wordpress\/2005\/02\/11\/converting-flac-to-mp3-on-linux\/","url_meta":{"origin":9183,"position":0},"title":"Converting FLAC to MP3 on Linux","author":"Leonid Mamchenkov","date":"February 11, 2005","format":false,"excerpt":"FLAC is Free Lossless Audio Codec. A 35 megabyte WAV file converted to FLAC will occupy about 25 megabytes. This is a good decrease in size, considering the fact that no quality is lost. But some files aren't all about quality and thus will be much better in mp3 or\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8192,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/11\/11\/fedora-selinux-faq\/","url_meta":{"origin":9183,"position":1},"title":"Fedora SELinux FAQ","author":"Leonid Mamchenkov","date":"November 11, 2004","format":false,"excerpt":"If you have upgraded to Fedora Linux Core 3 recently (or planning to do so), there are probably a couple of questions you have about SELinux. If you have, then check out SELinux FAQ. Maybe it will help you. Maybe it will not. At least I tried. :)","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":18033,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/04\/16\/2012-red-hat-summit-selinux-for-mere-mortals\/","url_meta":{"origin":9183,"position":2},"title":"2012 Red Hat Summit: SELinux For Mere Mortals","author":"Leonid Mamchenkov","date":"April 16, 2013","format":"video","excerpt":"http:\/\/www.youtube.com\/watch?v=MxjenQ31b70 This, though not enough for me to stop disabling SELinux, is still eye-opening.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/MxjenQ31b70\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":27399,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/03\/08\/selinux-concepts-but-for-humans\/","url_meta":{"origin":9183,"position":3},"title":"SELinux Concepts &#8211; but for humans","author":"Leonid Mamchenkov","date":"March 8, 2017","format":false,"excerpt":"SELinux has been an annoyance for me since the early days of Fedora and Red Hat bringing it into the distribution and enabling by default (see this blog post, for example, from 2004 about Fedora 3). Over the years, I've tried to learn it, make it useful, and find benefits\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12823,"url":"https:\/\/mamchenkov.net\/wordpress\/2010\/07\/27\/monitoring-tree-of-linux-processes\/","url_meta":{"origin":9183,"position":4},"title":"Monitoring tree of Linux processes","author":"Leonid Mamchenkov","date":"July 27, 2010","format":false,"excerpt":"Once in a while there is a need to see the tree of processes on a Linux system. \u00a0When such a need arises, I usually run \"ps auxw --forest\", which results in something like this (partial output, top only): Today, via this blog post, I've learned that there is another\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2010\/07\/ps_auxw_forest-500x253.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":7467,"url":"https:\/\/mamchenkov.net\/wordpress\/2004\/04\/26\/mrtg\/","url_meta":{"origin":9183,"position":5},"title":"MRTG","author":"Leonid Mamchenkov","date":"April 26, 2004","format":false,"excerpt":"MRTG (Multi Router Traffic Grapher) is monitoring utility, which runs on many platforms and is capable of collecting and graphing statistical information such as network traffic, CPU\/Memory\/Disk space usage, etc. MRTG can gather information using both SNMP protocol and external scripts. Below are few pieces of my MRTG config file\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/9183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=9183"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/9183\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=9183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=9183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=9183"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=9183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}