Troubleshooting SELinux
In this recipe, you will learn how to troubleshoot SELinux policies, which is most often needed when access to some SELinux objects has been denied and you need to find out the reasons for it. In this recipe, we will show you how to work with the sealert tool, which will create human-readable and understandable error messages to work with.
Getting ready
To complete this recipe, you will require a working installation of the CentOS 7 operating system with root privileges. It is assumed that you are working through this chapter recipe by recipe, so by now you should have installed the SELinux tools and applied the Working with policies recipe in this chapter, as we will produce some SELinux denial events in order to show you how to use the log file tools.
How to do it...
- To begin, login as root and provoke a SELinux denial event:
touch /var/www/html/test2.html semanage fcontext -a -t user_tmp_t /var/www/html/test2.html restorecon -v /var/www/html/test2.html curl http:/...
