Troubleshooting with setroubleshoot
So, you’re now scratching your head and saying, “When I can’t access something that I should be able to, how do I know that it’s an SELinux problem?” Ah, I’m glad you asked.
Viewing setroubleshoot messages
Whenever something happens that violates an SELinux rule, it gets logged in the /var/log/audit/audit.log file. Tools are available that can let you directly read that log, but to diagnose SELinux problems it’s way better to use setroubleshoot. The beauty of setroubleshoot is that it takes cryptic, hard-to-interpret SELinux messages from the audit.log file and translates them into plain, natural language. The messages that it sends to the /var/log/messages file even contain suggestions about how to fix the problem. To show how this works, let’s go back to our problem where a file in the /var/www/html/ directory has been assigned the wrong SELinux type. Of course, we knew right away what the problem...
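
To make the translation step concrete, here is an added example (not from the original text and not setroubleshoot's own code) that parses raw AVC denial records in audit.log format and renders each one as a plain-language sentence. The log records, the file name test.html and the user_home_t label are constructed assumptions standing in for the mislabeled web file.

```python
import re
from collections import Counter

# Constructed audit.log records (not from a real system). The file name and
# the user_home_t label are assumptions standing in for "the wrong type".
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1510000000.123:456): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/var/www/html/test.html" dev="dm-0" ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1510000000.123:456): arch=c000003e syscall=6 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1510000002.456:460): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/var/www/html/test.html" dev="dm-0" ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1510000003.789:461): avc:  denied  { read } for  pid=1234 comm="httpd" name="test.html" dev="dm-0" ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None  # truncated or malformed record
    return {
        "perms": " ".join(m.group("perms").split()),
        "comm": f.get("comm", "unknown"),
        # path= is not always present; fall back to name=
        "target": f.get("path") or f.get("name") or "unknown",
        # a context is user:role:type:level, so the type is the third field
        "source_type": f["scontext"].split(":")[2],
        "target_type": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
    }

def explain(d):
    """Render a denial as one plain-language sentence."""
    return (f"SELinux is preventing {d['comm']} from {d['perms']} access on the "
            f"{d['tclass']} {d['target']} (source type {d['source_type']}, "
            f"target type {d['target_type']})")

def summarize(log_text):
    """Count identical denials so repeated records collapse into one message."""
    denials = filter(None, map(parse_avc, log_text.splitlines()))
    return Counter(explain(d) for d in denials)

if __name__ == "__main__":
    for message, count in summarize(SAMPLE_AUDIT_LOG).items():
        print(f"{count}x {message}")
```

The target type in each sentence is what gives the mislabeling away: a file under /var/www/html/ carrying a home-directory type is not something the httpd_t domain is allowed to read.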